From 868e898c8ddfa42cf80f94d4013bd24f6f59680c Mon Sep 17 00:00:00 2001 From: weyfonk Date: Thu, 16 Nov 2023 14:19:35 +0000 Subject: [PATCH] deploy: 9acb915275203fc405c6798fb7e5e2bed1f58c42 --- 0.4.html | 10 +-- 0.4/advanced-users.html | 10 +-- 0.4/agent-initiated.html | 12 +-- 0.4/architecture.html | 12 +-- 0.4/bundle-diffs.html | 12 +-- 0.4/cluster-bundles-state.html | 10 +-- 0.4/cluster-group.html | 12 +-- 0.4/cluster-overview.html | 12 +-- 0.4/cluster-tokens.html | 12 +-- 0.4/concepts.html | 12 +-- 0.4/examples.html | 12 +-- 0.4/gitrepo-add.html | 12 +-- 0.4/gitrepo-structure.html | 12 +-- 0.4/gitrepo-targets.html | 12 +-- 0.4/imagescan.html | 12 +-- 0.4/installation.html | 12 +-- 0.4/manager-initiated.html | 12 +-- 0.4/multi-cluster-install.html | 12 +-- 0.4/namespaces.html | 12 +-- 0.4/quickstart.html | 12 +-- 0.4/single-cluster-install.html | 12 +-- 0.4/troubleshooting.html | 12 +-- 0.4/uninstall.html | 12 +-- 0.4/webhook.html | 12 +-- 0.5.html | 10 +-- 0.5/advanced-users.html | 10 +-- 0.5/agent-initiated.html | 12 +-- 0.5/architecture.html | 12 +-- 0.5/bundle-diffs.html | 12 +-- 0.5/cluster-bundles-state.html | 10 +-- 0.5/cluster-group.html | 12 +-- 0.5/cluster-overview.html | 12 +-- 0.5/cluster-tokens.html | 12 +-- 0.5/concepts.html | 12 +-- 0.5/examples.html | 12 +-- 0.5/gitrepo-add.html | 12 +-- 0.5/gitrepo-structure.html | 12 +-- 0.5/gitrepo-targets.html | 12 +-- 0.5/imagescan.html | 12 +-- 0.5/installation.html | 12 +-- 0.5/manager-initiated.html | 12 +-- 0.5/multi-cluster-install.html | 12 +-- 0.5/namespaces.html | 12 +-- 0.5/quickstart.html | 12 +-- 0.5/single-cluster-install.html | 12 +-- 0.5/troubleshooting.html | 12 +-- 0.5/uninstall.html | 12 +-- 0.5/webhook.html | 12 +-- 0.6.html | 10 +-- 0.6/architecture.html | 12 +-- 0.6/bundle-diffs.html | 12 +-- 0.6/cli/fleet-agent.html | 10 +-- 0.6/cli/fleet-cli/fleet.html | 10 +-- 0.6/cli/fleet-cli/fleet_apply.html | 10 +-- 0.6/cli/fleet-cli/fleet_test.html | 10 +-- 0.6/cli/fleet-controller/fleet-manager.html | 10 +-- 0.6/cluster-bundles-state.html | 10 +-- 0.6/cluster-group.html | 12 +-- 0.6/cluster-registration.html | 12 +-- 0.6/concepts.html | 12 +-- 0.6/gitrepo-add.html | 12 +-- 0.6/gitrepo-content.html | 12 +-- 0.6/gitrepo-targets.html | 12 +-- 0.6/imagescan.html | 12 +-- 0.6/installation.html | 12 +-- 0.6/multi-user.html | 12 +-- 0.6/namespaces.html | 12 +-- 0.6/quickstart.html | 12 +-- 0.6/ref-bundle-stages.html | 10 +-- 0.6/ref-configuration.html | 10 +-- 0.6/ref-crds.html | 10 +-- 0.6/ref-fleet-yaml.html | 10 +-- 0.6/ref-gitrepo.html | 12 +-- 0.6/ref-registration.html | 12 +-- 0.6/ref-resources.html | 10 +-- 0.6/troubleshooting.html | 12 +-- 0.6/tut-deployment.html | 12 +-- 0.6/uninstall.html | 12 +-- 0.6/webhook.html | 12 +-- 0.7.html | 10 +-- 0.7/architecture.html | 12 +-- 0.7/bundle-add.html | 12 +-- 0.7/bundle-diffs.html | 12 +-- 0.7/cli/fleet-agent.html | 10 +-- 0.7/cli/fleet-cli/fleet.html | 10 +-- 0.7/cli/fleet-cli/fleet_apply.html | 10 +-- 0.7/cli/fleet-cli/fleet_test.html | 10 +-- 0.7/cli/fleet-controller/fleet-manager.html | 10 +-- 0.7/cluster-bundles-state.html | 10 +-- 0.7/cluster-group.html | 12 +-- 0.7/cluster-registration.html | 12 +-- 0.7/concepts.html | 12 +-- 0.7/gitrepo-add.html | 12 +-- 0.7/gitrepo-content.html | 12 +-- 0.7/gitrepo-targets.html | 12 +-- 0.7/imagescan.html | 12 +-- 0.7/installation.html | 12 +-- 0.7/multi-user.html | 12 +-- 0.7/namespaces.html | 12 +-- 0.7/quickstart.html | 12 +-- 0.7/ref-bundle-stages.html | 10 +-- 0.7/ref-bundle.html | 12 +-- 0.7/ref-configuration.html | 12 +-- 0.7/ref-crds.html | 10 +-- 0.7/ref-fleet-yaml.html | 10 +-- 0.7/ref-gitrepo.html | 12 +-- 0.7/ref-registration.html | 12 +-- 0.7/ref-resources.html | 10 +-- 0.7/troubleshooting.html | 12 +-- 0.7/tut-deployment.html | 12 +-- 0.7/uninstall.html | 12 +-- 0.7/webhook.html | 12 +-- 0.8.html | 10 +-- 0.8/architecture.html | 12 +-- 0.8/bundle-add.html | 12 +-- 0.8/bundle-diffs.html | 12 +-- 0.8/cli/fleet-agent.html | 10 +-- 0.8/cli/fleet-cli/fleet.html | 10 +-- 0.8/cli/fleet-cli/fleet_apply.html | 10 +-- 0.8/cli/fleet-cli/fleet_test.html | 10 +-- 0.8/cli/fleet-controller/fleet-manager.html | 10 +-- 0.8/cluster-bundles-state.html | 10 +-- 0.8/cluster-group.html | 12 +-- 0.8/cluster-registration.html | 12 +-- 0.8/concepts.html | 12 +-- 0.8/gitrepo-add.html | 12 +-- 0.8/gitrepo-content.html | 12 +-- 0.8/gitrepo-targets.html | 12 +-- 0.8/imagescan.html | 12 +-- 0.8/installation.html | 12 +-- 0.8/multi-user.html | 12 +-- 0.8/namespaces.html | 12 +-- 0.8/quickstart.html | 12 +-- 0.8/ref-bundle-stages.html | 10 +-- 0.8/ref-bundle.html | 12 +-- 0.8/ref-configuration.html | 12 +-- 0.8/ref-crds.html | 10 +-- 0.8/ref-fleet-yaml.html | 10 +-- 0.8/ref-gitrepo.html | 12 +-- 0.8/ref-registration.html | 12 +-- 0.8/ref-resources.html | 10 +-- 0.8/resources-during-deployment.html | 10 +-- 0.8/troubleshooting.html | 12 +-- 0.8/tut-deployment.html | 12 +-- 0.8/uninstall.html | 12 +-- 0.8/webhook.html | 12 +-- 0.9.html | 16 ++++ 0.9/architecture.html | 35 ++++++++ 0.9/bundle-add.html | 22 +++++ 0.9/bundle-diffs.html | 17 ++++ 0.9/cli/fleet-agent.html | 16 ++++ 0.9/cli/fleet-cli/fleet.html | 16 ++++ 0.9/cli/fleet-cli/fleet_apply.html | 16 ++++ 0.9/cli/fleet-cli/fleet_cleanup.html | 16 ++++ 0.9/cli/fleet-cli/fleet_test.html | 16 ++++ 0.9/cli/fleet-controller/fleet-manager.html | 16 ++++ 0.9/cluster-bundles-state.html | 16 ++++ 0.9/cluster-group.html | 20 +++++ 0.9/cluster-registration.html | 82 +++++++++++++++++++ 0.9/concepts.html | 31 +++++++ 0.9/gitrepo-add.html | 22 +++++ 0.9/gitrepo-content.html | 58 +++++++++++++ 0.9/gitrepo-targets.html | 30 +++++++ 0.9/imagescan.html | 18 ++++ 0.9/installation.html | 44 ++++++++++ 0.9/multi-user.html | 24 ++++++ 0.9/namespaces.html | 46 +++++++++++ 0.9/quickstart.html | 18 ++++ 0.9/ref-bundle-stages.html | 16 ++++ 0.9/ref-bundle.html | 17 ++++ 0.9/ref-configuration.html | 19 +++++ 0.9/ref-crds.html | 16 ++++ 0.9/ref-fleet-yaml.html | 16 ++++ 0.9/ref-gitrepo.html | 17 ++++ 0.9/ref-registration.html | 21 +++++ 0.9/ref-resources.html | 16 ++++ 0.9/resources-during-deployment.html | 16 ++++ 0.9/troubleshooting.html | 19 +++++ 0.9/tut-deployment.html | 20 +++++ 0.9/uninstall.html | 18 ++++ 0.9/webhook.html | 18 ++++ 404.html | 10 +-- architecture.html | 12 +-- ...4035b.171af502.js => 01b4035b.d15f02be.js} | 2 +- ...9d9e7.597854d6.js => 0209d9e7.83b2c779.js} | 2 +- ...2b8ff.b9d5cb88.js => 0252b8ff.f09f2775.js} | 2 +- ...4e902.885227cd.js => 0364e902.7f26374a.js} | 2 +- ...b75e5.fdaaf270.js => 07db75e5.50683faf.js} | 2 +- ...d9053.4f6c5caa.js => 095d9053.ff8f1ff1.js} | 2 +- ...6c365.1c5ae544.js => 0a06c365.50ec83d7.js} | 2 +- ...79735.a260535e.js => 0ab79735.8b96b6b7.js} | 2 +- ...b2694.457639cb.js => 0acb2694.894e1f43.js} | 2 +- ...7b06f.b78f34e7.js => 0bd7b06f.4fc500f6.js} | 2 +- ...1d2b6.339f038e.js => 0ce1d2b6.2af6a878.js} | 2 +- ...4760e.e4ec5773.js => 0db4760e.22e0da4b.js} | 2 +- assets/js/0e3fdb5a.85e6de4c.js | 1 + ...0cd4d.9f4bda82.js => 0e50cd4d.1762ebb5.js} | 2 +- ...8f188.0eca7fcd.js => 0f38f188.33602069.js} | 2 +- ...03480.a7a8fb1f.js => 10f03480.b6d4e5e7.js} | 2 +- ...54a6a.a26f6fa7.js => 11f54a6a.30a304a0.js} | 2 +- assets/js/126a9cd0.a737c806.js | 1 + ...4838b.5a96d00e.js => 12f4838b.458eae3f.js} | 2 +- ...acae8.6c425118.js => 140acae8.5ef1499d.js} | 2 +- ...e2e0a.d0272729.js => 167e2e0a.317675a7.js} | 2 +- ...989a3.fd2f77fb.js => 170989a3.13f5c096.js} | 2 +- assets/js/18f4f7da.7a62b7d0.js | 1 + ...61b9d.0b16f103.js => 1bd61b9d.89ff5a35.js} | 2 +- ...4308a.ac059e1a.js => 1f14308a.ca8a114b.js} | 2 +- ...30703.228894e7.js => 1f330703.b099cbf2.js} | 2 +- ...b8b7b.f5b68231.js => 1f8b8b7b.02d2b164.js} | 2 +- ...c2b35.73264e50.js => 1fec2b35.5aa52915.js} | 2 +- ...89235.cc4e01e4.js => 20889235.d0ac9730.js} | 2 +- ...02ecb.df14eb76.js => 21d02ecb.fca633e5.js} | 2 +- ...369d5.e77b22ec.js => 22b369d5.8be4e519.js} | 2 +- ...340c6.34327f0b.js => 246340c6.3f1c724e.js} | 2 +- ...ffcdd.8c2c87ef.js => 250ffcdd.b971ee22.js} | 2 +- ...9085f.f209420e.js => 2579085f.d7d70f0c.js} | 2 +- ...8f7a2.4953deae.js => 2938f7a2.0498a3d4.js} | 2 +- assets/js/2a9b5780.8c824699.js | 1 + ...6db16.1e09bfe9.js => 2c86db16.00eb8bef.js} | 2 +- ...18eff.69f5553f.js => 2d618eff.ca23dff7.js} | 2 +- ...49bc9.72a2b5d8.js => 2dc49bc9.ceea9191.js} | 2 +- assets/js/300dc0ad.6c146903.js | 1 + ...14031.69439c2e.js => 32a14031.3c279e0f.js} | 2 +- ...7bf40.8fad3bc1.js => 32c7bf40.c9472272.js} | 2 +- ...d0560.d960d7b6.js => 340d0560.3768fb1d.js} | 2 +- ...3c1ae.ad7ad99f.js => 34a3c1ae.9b4c716b.js} | 2 +- ...1e1e7.93149a17.js => 34c1e1e7.29c6cf31.js} | 2 +- ...b4307.4cb353fb.js => 34eb4307.6d5c217a.js} | 2 +- assets/js/370ac30b.126fb5ac.js | 1 + ...8f698.347ad05b.js => 3718f698.1144f2fa.js} | 2 +- ...5e362.f97cecfd.js => 39f5e362.46100ac8.js} | 2 +- assets/js/3a0e6d91.dbc8e9e0.js | 1 + ...a2cbe.6252fd86.js => 3a2a2cbe.7caaa130.js} | 2 +- ...c55ea.1dfd7906.js => 3b8c55ea.672063eb.js} | 2 +- ...b86e7.bedd888b.js => 3d7b86e7.c1c80a97.js} | 2 +- ...7aba1.1b7c8753.js => 4177aba1.c47f8c88.js} | 2 +- assets/js/41b31679.db15244a.js | 1 + ...5cd1f.13f44d76.js => 45a5cd1f.a626969d.js} | 2 +- ...9c1f8.d15d725c.js => 46c9c1f8.c6754282.js} | 2 +- ...f6a86.a71ce589.js => 49af6a86.fa91e501.js} | 2 +- ...b6852.89449847.js => 4ccb6852.6542ce14.js} | 2 +- ...c8f87.82df6c12.js => 4fac8f87.627eda28.js} | 2 +- ...a9fc5.81855c6f.js => 504a9fc5.b64e5b1d.js} | 2 +- ...0676a.0ce199fa.js => 50b0676a.bc7e1b71.js} | 2 +- ...6c92e.92f89004.js => 5176c92e.43387669.js} | 2 +- ...d95f1.b43b0198.js => 522d95f1.0913ec93.js} | 2 +- ...1b7a2.5a0747cb.js => 5281b7a2.8839f94e.js} | 2 +- ...9b7b3.f5fc88d6.js => 5379b7b3.352ed73a.js} | 2 +- ...8fcb8.5bbfa708.js => 5388fcb8.69d5d6c2.js} | 2 +- ...8b813.8dc5ef51.js => 53c8b813.a89641b5.js} | 2 +- ...a1243.dbb56b10.js => 53da1243.190d6a16.js} | 2 +- assets/js/58cc1d6e.73f8939c.js | 1 + ...65616.8052336c.js => 5a165616.c6596bcc.js} | 2 +- assets/js/5b0cdfa3.2099f630.js | 1 + assets/js/5b7f8ae0.07f9d4fb.js | 1 + ...573a6.160fcbbf.js => 5ff573a6.c1bea08d.js} | 2 +- ...cd92c.79aeddd9.js => 60bcd92c.9b8b824c.js} | 2 +- assets/js/60c2c817.daacf9b4.js | 1 + ...623d2.185ddb0a.js => 612623d2.fc39007f.js} | 2 +- ...bc60f.7450f343.js => 62bbc60f.e420622c.js} | 2 +- ...9fbc0.bb7a998f.js => 6349fbc0.22dd4e83.js} | 2 +- ...f26b6.e35f3778.js => 635f26b6.96e5c51b.js} | 2 +- ...62f73.11e91c68.js => 63e62f73.254ef863.js} | 2 +- ...4770e.3dd62aa7.js => 64b4770e.36c7c6ad.js} | 2 +- ...ed9ed.f4cfcda7.js => 680ed9ed.565a98e9.js} | 2 +- assets/js/69dd637e.a513c275.js | 1 + ...40bac.d11531d5.js => 6a840bac.4fb3c915.js} | 2 +- assets/js/6c233221.09b16dbb.js | 1 + ...e47eb.4b6b6210.js => 6cbe47eb.06b715f3.js} | 2 +- ...4c0df.8cd43b8a.js => 6cf4c0df.bb59b79e.js} | 2 +- assets/js/6e869bec.4937ebe1.js | 1 + ...a62d7.6017ac95.js => 6faa62d7.a102ce40.js} | 2 +- ...cd497.8760b326.js => 702cd497.ce8f3a3c.js} | 2 +- ...2ec22.d60b71d2.js => 7292ec22.1ddc45dd.js} | 2 +- ...aca7b.bf4c4de2.js => 755aca7b.44afc5af.js} | 2 +- ...abe3e.7869f59a.js => 762abe3e.3018aab3.js} | 2 +- ...2976a.824ecded.js => 7712976a.dad13f43.js} | 2 +- ...c540a.c30b83cb.js => 77fc540a.2810ce60.js} | 2 +- ...15aed.f559bfd0.js => 7a815aed.e4184f59.js} | 2 +- ...4d2e8.32700a39.js => 7b64d2e8.1b5f3a19.js} | 2 +- assets/js/7c4790a0.13e86a05.js | 1 + ...d32d8.6f425bf3.js => 7c5d32d8.c95c0296.js} | 2 +- ...d36ad.cb47f044.js => 7f3d36ad.7136c11a.js} | 2 +- assets/js/8003b96f.0495e73a.js | 1 + ...0e160.e7b2c56f.js => 8070e160.5e336099.js} | 2 +- ...82dff.e789273b.js => 82782dff.f7feaec1.js} | 2 +- ...7bb82.7165b2e8.js => 8307bb82.c0af9b90.js} | 2 +- ...808ff.d4396567.js => 834808ff.a6e71b72.js} | 2 +- ...b3bc4.12c61fdf.js => 847b3bc4.b01e9f0a.js} | 2 +- ...d18b5.36e065c7.js => 857d18b5.9e2f9018.js} | 2 +- ...69ac3.d5a34b8c.js => 87469ac3.b088fff5.js} | 2 +- ...3f33f.8374b039.js => 88f3f33f.373f8419.js} | 2 +- ...509d6.136c4a74.js => 8eb509d6.ed8db67c.js} | 2 +- ...6a575.5244f4ae.js => 8ff6a575.c8248d99.js} | 2 +- ...bb95d.10868f91.js => 904bb95d.ca3145f2.js} | 2 +- ...a121f.2d6bf677.js => 909a121f.2017447c.js} | 2 +- ...074e2.8a31945b.js => 922074e2.5c806b33.js} | 2 +- ...3a6b7.f97f63ac.js => 9533a6b7.46042115.js} | 2 +- ...72457.7bbfbc02.js => 95a72457.c560a611.js} | 2 +- ...c03f5.4418c6a5.js => 963c03f5.9438a1ce.js} | 2 +- ...65f27.86304607.js => 96465f27.9930e371.js} | 2 +- ...3cd43.b9572569.js => 97c3cd43.ee11b536.js} | 2 +- assets/js/97d7d53e.d4b21535.js | 1 + ...cdf04.5dcbd17d.js => 984cdf04.0a56d350.js} | 2 +- ...42e60.4065f1ad.js => 9c942e60.d9833131.js} | 2 +- ...1368e.d857c116.js => 9d91368e.ad4797ca.js} | 2 +- ...f8394.46e62662.js => 9d9f8394.5470cbbb.js} | 2 +- ...89767.bf1691eb.js => 9db89767.1e273152.js} | 2 +- assets/js/9fc6df8f.f3e00348.js | 1 + ...c6d5b.6ba3a209.js => a06c6d5b.8a6e5168.js} | 2 +- ...468b1.5865e1b0.js => a2c468b1.2d6ddbd7.js} | 2 +- ...f0c4b.5595a33a.js => a60f0c4b.aa049d64.js} | 2 +- ...a5d11.6f76769c.js => a8ca5d11.4d6b8753.js} | 2 +- assets/js/a947fe06.7e38c425.js | 1 + ...7f6cd.22233c8f.js => a9e7f6cd.333808f6.js} | 2 +- ...c1f88.f6ab6341.js => ab0c1f88.12ff5c4a.js} | 2 +- assets/js/ab68c950.34eb6063.js | 1 + ...71817.f4532482.js => aba71817.4b59f33e.js} | 2 +- ...95bb4.aa69cd06.js => abf95bb4.9277d163.js} | 2 +- ...335f3.6ed040ba.js => ae2335f3.bc55c174.js} | 2 +- ...07340.5c8f1561.js => aee07340.647fe1f7.js} | 2 +- ...0d9fb.b921adb6.js => af10d9fb.221047c7.js} | 2 +- ...8bdba.c350920a.js => af48bdba.2875e1c7.js} | 2 +- assets/js/afc4945b.fe7ee9fc.js | 1 + assets/js/b0423865.a1620667.js | 1 + ...56c44.ce6230bd.js => b2456c44.7ac81ca7.js} | 2 +- ...3d2e2.03880b94.js => b283d2e2.e6765971.js} | 2 +- ...c755c.9f35a2cd.js => b32c755c.6c92acdd.js} | 2 +- ...b3bd8.3b97e24a.js => b60b3bd8.b0d16de8.js} | 2 +- ...e13b2.8bf81870.js => b7ae13b2.c3395cfe.js} | 2 +- ...3160f.d994919e.js => b8f3160f.57fd4e62.js} | 2 +- ...03c38.6e2b5b62.js => b9a03c38.1826b2ee.js} | 2 +- assets/js/bcd76598.3b29350b.js | 1 + ...65781.273a7b00.js => bd465781.220a210e.js} | 2 +- ...b0b52.0653eee2.js => c1eb0b52.72d869e3.js} | 2 +- assets/js/c234ba49.ef43c547.js | 1 + ...ab82f.8a65a80e.js => c2bab82f.5afbe212.js} | 2 +- ...7a04b.f0c7c418.js => c377a04b.0a97d2a2.js} | 2 +- ...fc33d.6df975ea.js => c3dfc33d.528997e6.js} | 2 +- ...695e7.d5cab442.js => c67695e7.bf9a42e4.js} | 2 +- ...a770e.d7636b0b.js => c6aa770e.218ee5ae.js} | 2 +- ...81d34.454124c5.js => c7381d34.769d6b9e.js} | 2 +- ...6adcd.a7125a80.js => c916adcd.1c56eb73.js} | 2 +- ...bf424.e58b70f9.js => cd0bf424.21be499d.js} | 2 +- ...23ffc.6acfaec3.js => cd323ffc.c1c081ba.js} | 2 +- ...8e831.a7e19849.js => ce48e831.4f4e45b2.js} | 2 +- ...34227.b1607e30.js => ce534227.63d8a217.js} | 2 +- ...f5f9b.ca6afa57.js => cf6f5f9b.b8a6fdc4.js} | 2 +- assets/js/d0180ce2.4e89d86a.js | 1 + ...7059e.ec478cd9.js => d277059e.fcf4ab98.js} | 2 +- ...84dd8.21642056.js => d3d84dd8.1003b5aa.js} | 2 +- ...9887a.c9192881.js => d3d9887a.eb8783ea.js} | 2 +- assets/js/d53097a5.45662c89.js | 1 + ...af0cc.26f45219.js => d6daf0cc.8051d991.js} | 2 +- ...58335.8840a095.js => d8f58335.c60e5867.js} | 2 +- ...1831e.694ed82f.js => da21831e.b64bcb98.js} | 2 +- ...ebd24.44917f60.js => db0ebd24.6e1441f3.js} | 2 +- ...7116e.097f1b82.js => dd67116e.db1849d8.js} | 2 +- ...1469d.5be4f5a7.js => dd81469d.1bf071ff.js} | 2 +- ...8e76e.e5e28e2c.js => de08e76e.f584daba.js} | 2 +- assets/js/de69e49e.08d8f0f9.js | 1 + ...3dc49.6805eef0.js => dfa3dc49.15ac5677.js} | 2 +- ...36556.f0c5c6d5.js => e0636556.2c4ce784.js} | 2 +- ...2aa27.87801736.js => e252aa27.44bf2fa3.js} | 2 +- ...8fb9e.a6987daf.js => e348fb9e.3d43ae6a.js} | 2 +- ...f16a8.58d512c4.js => e35f16a8.c7bf3f03.js} | 2 +- ...a6547.088851d9.js => e3aa6547.770a24b9.js} | 2 +- ...1d4ee.b73b13a8.js => e431d4ee.579a2d54.js} | 2 +- assets/js/e483f3c9.0fe10853.js | 1 + assets/js/e4b5e952.e07d35ea.js | 1 + ...ee9c3.6fe548e2.js => e50ee9c3.583d9b4f.js} | 2 +- assets/js/e6339806.74e3ab9e.js | 1 + assets/js/e7acee98.c43baf84.js | 1 + ...d2f4d.3bd9a6e2.js => e89d2f4d.86d9ad80.js} | 2 +- ...fc8c6.109566e2.js => e9efc8c6.8b4603cb.js} | 2 +- ...52154.83a804c8.js => ebf52154.00a138ef.js} | 2 +- ...fa214.6b477a36.js => ec9fa214.acec8efc.js} | 2 +- assets/js/f060f65c.885f3431.js | 1 + ...b6af8.b0d890fe.js => f14b6af8.c00ddf23.js} | 2 +- assets/js/f2761eee.e2f13d2b.js | 1 + ...7fdc1.2476dd8e.js => f347fdc1.ee18628d.js} | 2 +- ...93a78.a6d77e06.js => f4793a78.a0da4890.js} | 2 +- ...1b716.d6eb5e6c.js => f531b716.2b7ee900.js} | 2 +- assets/js/f59af033.05445760.js | 1 + ...438e5.412a1485.js => f63438e5.30b19c25.js} | 2 +- ...ef323.c92968d0.js => f66ef323.c5d876f2.js} | 2 +- ...48474.360e68bc.js => f6748474.a04324b6.js} | 2 +- ...88408.cf7d1a26.js => f7c88408.d5e385f8.js} | 2 +- ...f1511.9bffbbf9.js => f7cf1511.93078c5d.js} | 2 +- ...13afe.86b19a57.js => f8113afe.be384af5.js} | 2 +- ...09550.4bc5eece.js => f8909550.1a02a79c.js} | 2 +- ...6c575.c3a37dbe.js => fb76c575.c8fbd0b5.js} | 2 +- ...f079d.d063dc4c.js => fbaf079d.2bc17f32.js} | 2 +- ...f914d.c0bd1746.js => fbcf914d.c9d8ac09.js} | 2 +- ...6576e.8d7f4975.js => fd06576e.5bc22487.js} | 2 +- ...6103c.86f887ad.js => fd26103c.898bac9c.js} | 2 +- assets/js/fe67fe92.a4fede24.js | 1 + ...cb35a.a30107b1.js => fe8cb35a.b3def2b9.js} | 2 +- ...5129d.daa62715.js => ffe5129d.5c164eec.js} | 2 +- assets/js/main.434d5c32.js | 2 - assets/js/main.45dcac64.js | 2 + ...CENSE.txt => main.45dcac64.js.LICENSE.txt} | 0 assets/js/runtime~main.2e9d7d9d.js | 1 + assets/js/runtime~main.3ef5658b.js | 1 - bundle-add.html | 12 +-- bundle-diffs.html | 12 +-- cli/fleet-agent.html | 10 +-- cli/fleet-cli/fleet.html | 10 +-- cli/fleet-cli/fleet_apply.html | 10 +-- cli/fleet-cli/fleet_cleanup.html | 10 +-- cli/fleet-cli/fleet_test.html | 10 +-- cli/fleet-controller/fleet-manager.html | 10 +-- cluster-bundles-state.html | 10 +-- cluster-group.html | 12 +-- cluster-registration.html | 12 +-- concepts.html | 12 +-- gitrepo-add.html | 12 +-- gitrepo-content.html | 12 +-- gitrepo-targets.html | 12 +-- imagescan.html | 12 +-- index.html | 10 +-- installation.html | 12 +-- multi-user.html | 12 +-- namespaces.html | 12 +-- quickstart.html | 12 +-- ref-bundle-stages.html | 10 +-- ref-bundle.html | 12 +-- ref-configuration.html | 12 +-- ref-crds.html | 10 +-- ref-fleet-yaml.html | 10 +-- ref-gitrepo.html | 12 +-- ref-registration.html | 12 +-- ref-resources.html | 10 +-- resources-during-deployment.html | 10 +-- search.html | 10 +-- sitemap.xml | 2 +- troubleshooting.html | 12 +-- tut-deployment.html | 12 +-- uninstall.html | 12 +-- webhook.html | 12 +-- 441 files changed, 2087 insertions(+), 1227 deletions(-) create mode 100644 0.9.html create mode 100644 0.9/architecture.html create mode 100644 0.9/bundle-add.html create mode 100644 0.9/bundle-diffs.html create mode 100644 0.9/cli/fleet-agent.html create mode 100644 0.9/cli/fleet-cli/fleet.html create mode 100644 0.9/cli/fleet-cli/fleet_apply.html create mode 100644 0.9/cli/fleet-cli/fleet_cleanup.html create mode 100644 0.9/cli/fleet-cli/fleet_test.html create mode 100644 0.9/cli/fleet-controller/fleet-manager.html create mode 100644 0.9/cluster-bundles-state.html create mode 100644 0.9/cluster-group.html create mode 100644 0.9/cluster-registration.html create mode 100644 0.9/concepts.html create mode 100644 0.9/gitrepo-add.html create mode 100644 0.9/gitrepo-content.html create mode 100644 0.9/gitrepo-targets.html create mode 100644 0.9/imagescan.html create mode 100644 0.9/installation.html create mode 100644 0.9/multi-user.html create mode 100644 0.9/namespaces.html create mode 100644 0.9/quickstart.html create mode 100644 0.9/ref-bundle-stages.html create mode 100644 0.9/ref-bundle.html create mode 100644 0.9/ref-configuration.html create mode 100644 0.9/ref-crds.html create mode 100644 0.9/ref-fleet-yaml.html create mode 100644 0.9/ref-gitrepo.html create mode 100644 0.9/ref-registration.html create mode 100644 0.9/ref-resources.html create mode 100644 0.9/resources-during-deployment.html create mode 100644 0.9/troubleshooting.html create mode 100644 0.9/tut-deployment.html create mode 100644 0.9/uninstall.html create mode 100644 0.9/webhook.html rename assets/js/{01b4035b.171af502.js => 01b4035b.d15f02be.js} (99%) rename assets/js/{0209d9e7.597854d6.js => 0209d9e7.83b2c779.js} (98%) rename assets/js/{0252b8ff.b9d5cb88.js => 0252b8ff.f09f2775.js} (99%) rename assets/js/{0364e902.885227cd.js => 0364e902.7f26374a.js} (98%) rename assets/js/{07db75e5.fdaaf270.js => 07db75e5.50683faf.js} (98%) rename assets/js/{095d9053.4f6c5caa.js => 095d9053.ff8f1ff1.js} (99%) rename assets/js/{0a06c365.1c5ae544.js => 0a06c365.50ec83d7.js} (98%) rename assets/js/{0ab79735.a260535e.js => 0ab79735.8b96b6b7.js} (99%) rename assets/js/{0acb2694.457639cb.js => 0acb2694.894e1f43.js} (97%) rename assets/js/{0bd7b06f.b78f34e7.js => 0bd7b06f.4fc500f6.js} (94%) rename assets/js/{0ce1d2b6.339f038e.js => 0ce1d2b6.2af6a878.js} (99%) rename assets/js/{0db4760e.e4ec5773.js => 0db4760e.22e0da4b.js} (98%) create mode 100644 assets/js/0e3fdb5a.85e6de4c.js rename assets/js/{0e50cd4d.9f4bda82.js => 0e50cd4d.1762ebb5.js} (96%) rename assets/js/{0f38f188.0eca7fcd.js => 0f38f188.33602069.js} (98%) rename assets/js/{10f03480.a7a8fb1f.js => 10f03480.b6d4e5e7.js} (98%) rename assets/js/{11f54a6a.a26f6fa7.js => 11f54a6a.30a304a0.js} (99%) create mode 100644 assets/js/126a9cd0.a737c806.js rename assets/js/{12f4838b.5a96d00e.js => 12f4838b.458eae3f.js} (98%) rename assets/js/{140acae8.6c425118.js => 140acae8.5ef1499d.js} (98%) rename assets/js/{167e2e0a.d0272729.js => 167e2e0a.317675a7.js} (97%) rename assets/js/{170989a3.fd2f77fb.js => 170989a3.13f5c096.js} (97%) create mode 100644 assets/js/18f4f7da.7a62b7d0.js rename assets/js/{1bd61b9d.0b16f103.js => 1bd61b9d.89ff5a35.js} (99%) rename assets/js/{1f14308a.ac059e1a.js => 1f14308a.ca8a114b.js} (97%) rename assets/js/{1f330703.228894e7.js => 1f330703.b099cbf2.js} (98%) rename assets/js/{1f8b8b7b.f5b68231.js => 1f8b8b7b.02d2b164.js} (96%) rename assets/js/{1fec2b35.73264e50.js => 1fec2b35.5aa52915.js} (96%) rename assets/js/{20889235.cc4e01e4.js => 20889235.d0ac9730.js} (97%) rename assets/js/{21d02ecb.df14eb76.js => 21d02ecb.fca633e5.js} (98%) rename assets/js/{22b369d5.e77b22ec.js => 22b369d5.8be4e519.js} (96%) rename assets/js/{246340c6.34327f0b.js => 246340c6.3f1c724e.js} (98%) rename assets/js/{250ffcdd.8c2c87ef.js => 250ffcdd.b971ee22.js} (95%) rename assets/js/{2579085f.f209420e.js => 2579085f.d7d70f0c.js} (99%) rename assets/js/{2938f7a2.4953deae.js => 2938f7a2.0498a3d4.js} (97%) create mode 100644 assets/js/2a9b5780.8c824699.js rename assets/js/{2c86db16.1e09bfe9.js => 2c86db16.00eb8bef.js} (98%) rename assets/js/{2d618eff.69f5553f.js => 2d618eff.ca23dff7.js} (99%) rename assets/js/{2dc49bc9.72a2b5d8.js => 2dc49bc9.ceea9191.js} (97%) create mode 100644 assets/js/300dc0ad.6c146903.js rename assets/js/{32a14031.69439c2e.js => 32a14031.3c279e0f.js} (98%) rename assets/js/{32c7bf40.8fad3bc1.js => 32c7bf40.c9472272.js} (99%) rename assets/js/{340d0560.d960d7b6.js => 340d0560.3768fb1d.js} (95%) rename assets/js/{34a3c1ae.ad7ad99f.js => 34a3c1ae.9b4c716b.js} (99%) rename assets/js/{34c1e1e7.93149a17.js => 34c1e1e7.29c6cf31.js} (89%) rename assets/js/{34eb4307.4cb353fb.js => 34eb4307.6d5c217a.js} (98%) create mode 100644 assets/js/370ac30b.126fb5ac.js rename assets/js/{3718f698.347ad05b.js => 3718f698.1144f2fa.js} (97%) rename assets/js/{39f5e362.f97cecfd.js => 39f5e362.46100ac8.js} (86%) create mode 100644 assets/js/3a0e6d91.dbc8e9e0.js rename assets/js/{3a2a2cbe.6252fd86.js => 3a2a2cbe.7caaa130.js} (98%) rename assets/js/{3b8c55ea.1dfd7906.js => 3b8c55ea.672063eb.js} (99%) rename assets/js/{3d7b86e7.bedd888b.js => 3d7b86e7.c1c80a97.js} (95%) rename assets/js/{4177aba1.1b7c8753.js => 4177aba1.c47f8c88.js} (98%) create mode 100644 assets/js/41b31679.db15244a.js rename assets/js/{45a5cd1f.13f44d76.js => 45a5cd1f.a626969d.js} (99%) rename assets/js/{46c9c1f8.d15d725c.js => 46c9c1f8.c6754282.js} (97%) rename assets/js/{49af6a86.a71ce589.js => 49af6a86.fa91e501.js} (98%) rename assets/js/{4ccb6852.89449847.js => 4ccb6852.6542ce14.js} (97%) rename assets/js/{4fac8f87.82df6c12.js => 4fac8f87.627eda28.js} (97%) rename assets/js/{504a9fc5.81855c6f.js => 504a9fc5.b64e5b1d.js} (98%) rename assets/js/{50b0676a.0ce199fa.js => 50b0676a.bc7e1b71.js} (97%) rename assets/js/{5176c92e.92f89004.js => 5176c92e.43387669.js} (96%) rename assets/js/{522d95f1.b43b0198.js => 522d95f1.0913ec93.js} (99%) rename assets/js/{5281b7a2.5a0747cb.js => 5281b7a2.8839f94e.js} (97%) rename assets/js/{5379b7b3.f5fc88d6.js => 5379b7b3.352ed73a.js} (96%) rename assets/js/{5388fcb8.5bbfa708.js => 5388fcb8.69d5d6c2.js} (95%) rename assets/js/{53c8b813.8dc5ef51.js => 53c8b813.a89641b5.js} (97%) rename assets/js/{53da1243.dbb56b10.js => 53da1243.190d6a16.js} (99%) create mode 100644 assets/js/58cc1d6e.73f8939c.js rename assets/js/{5a165616.8052336c.js => 5a165616.c6596bcc.js} (98%) create mode 100644 assets/js/5b0cdfa3.2099f630.js create mode 100644 assets/js/5b7f8ae0.07f9d4fb.js rename assets/js/{5ff573a6.160fcbbf.js => 5ff573a6.c1bea08d.js} (99%) rename assets/js/{60bcd92c.79aeddd9.js => 60bcd92c.9b8b824c.js} (99%) create mode 100644 assets/js/60c2c817.daacf9b4.js rename assets/js/{612623d2.185ddb0a.js => 612623d2.fc39007f.js} (98%) rename assets/js/{62bbc60f.7450f343.js => 62bbc60f.e420622c.js} (98%) rename assets/js/{6349fbc0.bb7a998f.js => 6349fbc0.22dd4e83.js} (99%) rename assets/js/{635f26b6.e35f3778.js => 635f26b6.96e5c51b.js} (99%) rename assets/js/{63e62f73.11e91c68.js => 63e62f73.254ef863.js} (98%) rename assets/js/{64b4770e.3dd62aa7.js => 64b4770e.36c7c6ad.js} (99%) rename assets/js/{680ed9ed.f4cfcda7.js => 680ed9ed.565a98e9.js} (98%) create mode 100644 assets/js/69dd637e.a513c275.js rename assets/js/{6a840bac.d11531d5.js => 6a840bac.4fb3c915.js} (98%) create mode 100644 assets/js/6c233221.09b16dbb.js rename assets/js/{6cbe47eb.4b6b6210.js => 6cbe47eb.06b715f3.js} (96%) rename assets/js/{6cf4c0df.8cd43b8a.js => 6cf4c0df.bb59b79e.js} (98%) create mode 100644 assets/js/6e869bec.4937ebe1.js rename assets/js/{6faa62d7.6017ac95.js => 6faa62d7.a102ce40.js} (95%) rename assets/js/{702cd497.8760b326.js => 702cd497.ce8f3a3c.js} (97%) rename assets/js/{7292ec22.d60b71d2.js => 7292ec22.1ddc45dd.js} (97%) rename assets/js/{755aca7b.bf4c4de2.js => 755aca7b.44afc5af.js} (98%) rename assets/js/{762abe3e.7869f59a.js => 762abe3e.3018aab3.js} (99%) rename assets/js/{7712976a.824ecded.js => 7712976a.dad13f43.js} (99%) rename assets/js/{77fc540a.c30b83cb.js => 77fc540a.2810ce60.js} (96%) rename assets/js/{7a815aed.f559bfd0.js => 7a815aed.e4184f59.js} (98%) rename assets/js/{7b64d2e8.32700a39.js => 7b64d2e8.1b5f3a19.js} (98%) create mode 100644 assets/js/7c4790a0.13e86a05.js rename assets/js/{7c5d32d8.6f425bf3.js => 7c5d32d8.c95c0296.js} (86%) rename assets/js/{7f3d36ad.cb47f044.js => 7f3d36ad.7136c11a.js} (98%) create mode 100644 assets/js/8003b96f.0495e73a.js rename assets/js/{8070e160.e7b2c56f.js => 8070e160.5e336099.js} (98%) rename assets/js/{82782dff.e789273b.js => 82782dff.f7feaec1.js} (97%) rename assets/js/{8307bb82.7165b2e8.js => 8307bb82.c0af9b90.js} (98%) rename assets/js/{834808ff.d4396567.js => 834808ff.a6e71b72.js} (98%) rename assets/js/{847b3bc4.12c61fdf.js => 847b3bc4.b01e9f0a.js} (96%) rename assets/js/{857d18b5.36e065c7.js => 857d18b5.9e2f9018.js} (99%) rename assets/js/{87469ac3.d5a34b8c.js => 87469ac3.b088fff5.js} (99%) rename assets/js/{88f3f33f.8374b039.js => 88f3f33f.373f8419.js} (97%) rename assets/js/{8eb509d6.136c4a74.js => 8eb509d6.ed8db67c.js} (96%) rename assets/js/{8ff6a575.5244f4ae.js => 8ff6a575.c8248d99.js} (99%) rename assets/js/{904bb95d.10868f91.js => 904bb95d.ca3145f2.js} (98%) rename assets/js/{909a121f.2d6bf677.js => 909a121f.2017447c.js} (99%) rename assets/js/{922074e2.8a31945b.js => 922074e2.5c806b33.js} (98%) rename assets/js/{9533a6b7.f97f63ac.js => 9533a6b7.46042115.js} (98%) rename assets/js/{95a72457.7bbfbc02.js => 95a72457.c560a611.js} (98%) rename assets/js/{963c03f5.4418c6a5.js => 963c03f5.9438a1ce.js} (98%) rename assets/js/{96465f27.86304607.js => 96465f27.9930e371.js} (99%) rename assets/js/{97c3cd43.b9572569.js => 97c3cd43.ee11b536.js} (97%) create mode 100644 assets/js/97d7d53e.d4b21535.js rename assets/js/{984cdf04.5dcbd17d.js => 984cdf04.0a56d350.js} (99%) rename assets/js/{9c942e60.4065f1ad.js => 9c942e60.d9833131.js} (97%) rename assets/js/{9d91368e.d857c116.js => 9d91368e.ad4797ca.js} (97%) rename assets/js/{9d9f8394.46e62662.js => 9d9f8394.5470cbbb.js} (99%) rename assets/js/{9db89767.bf1691eb.js => 9db89767.1e273152.js} (98%) create mode 100644 assets/js/9fc6df8f.f3e00348.js rename assets/js/{a06c6d5b.6ba3a209.js => a06c6d5b.8a6e5168.js} (99%) rename assets/js/{a2c468b1.5865e1b0.js => a2c468b1.2d6ddbd7.js} (99%) rename assets/js/{a60f0c4b.5595a33a.js => a60f0c4b.aa049d64.js} (97%) rename assets/js/{a8ca5d11.6f76769c.js => a8ca5d11.4d6b8753.js} (94%) create mode 100644 assets/js/a947fe06.7e38c425.js rename assets/js/{a9e7f6cd.22233c8f.js => a9e7f6cd.333808f6.js} (98%) rename assets/js/{ab0c1f88.f6ab6341.js => ab0c1f88.12ff5c4a.js} (96%) create mode 100644 assets/js/ab68c950.34eb6063.js rename assets/js/{aba71817.f4532482.js => aba71817.4b59f33e.js} (50%) rename assets/js/{abf95bb4.aa69cd06.js => abf95bb4.9277d163.js} (97%) rename assets/js/{ae2335f3.6ed040ba.js => ae2335f3.bc55c174.js} (99%) rename assets/js/{aee07340.5c8f1561.js => aee07340.647fe1f7.js} (98%) rename assets/js/{af10d9fb.b921adb6.js => af10d9fb.221047c7.js} (98%) rename assets/js/{af48bdba.c350920a.js => af48bdba.2875e1c7.js} (96%) create mode 100644 assets/js/afc4945b.fe7ee9fc.js create mode 100644 assets/js/b0423865.a1620667.js rename assets/js/{b2456c44.ce6230bd.js => b2456c44.7ac81ca7.js} (99%) rename assets/js/{b283d2e2.03880b94.js => b283d2e2.e6765971.js} (98%) rename assets/js/{b32c755c.9f35a2cd.js => b32c755c.6c92acdd.js} (99%) rename assets/js/{b60b3bd8.3b97e24a.js => b60b3bd8.b0d16de8.js} (96%) rename assets/js/{b7ae13b2.8bf81870.js => b7ae13b2.c3395cfe.js} (96%) rename assets/js/{b8f3160f.d994919e.js => b8f3160f.57fd4e62.js} (99%) rename assets/js/{b9a03c38.6e2b5b62.js => b9a03c38.1826b2ee.js} (98%) create mode 100644 assets/js/bcd76598.3b29350b.js rename assets/js/{bd465781.273a7b00.js => bd465781.220a210e.js} (97%) rename assets/js/{c1eb0b52.0653eee2.js => c1eb0b52.72d869e3.js} (98%) create mode 100644 assets/js/c234ba49.ef43c547.js rename assets/js/{c2bab82f.8a65a80e.js => c2bab82f.5afbe212.js} (99%) rename assets/js/{c377a04b.f0c7c418.js => c377a04b.0a97d2a2.js} (97%) rename assets/js/{c3dfc33d.6df975ea.js => c3dfc33d.528997e6.js} (97%) rename assets/js/{c67695e7.d5cab442.js => c67695e7.bf9a42e4.js} (73%) rename assets/js/{c6aa770e.d7636b0b.js => c6aa770e.218ee5ae.js} (98%) rename assets/js/{c7381d34.454124c5.js => c7381d34.769d6b9e.js} (99%) rename assets/js/{c916adcd.a7125a80.js => c916adcd.1c56eb73.js} (98%) rename assets/js/{cd0bf424.e58b70f9.js => cd0bf424.21be499d.js} (97%) rename assets/js/{cd323ffc.6acfaec3.js => cd323ffc.c1c081ba.js} (98%) rename assets/js/{ce48e831.a7e19849.js => ce48e831.4f4e45b2.js} (98%) rename assets/js/{ce534227.b1607e30.js => ce534227.63d8a217.js} (97%) rename assets/js/{cf6f5f9b.ca6afa57.js => cf6f5f9b.b8a6fdc4.js} (98%) create mode 100644 assets/js/d0180ce2.4e89d86a.js rename assets/js/{d277059e.ec478cd9.js => d277059e.fcf4ab98.js} (97%) rename assets/js/{d3d84dd8.21642056.js => d3d84dd8.1003b5aa.js} (96%) rename assets/js/{d3d9887a.c9192881.js => d3d9887a.eb8783ea.js} (99%) create mode 100644 assets/js/d53097a5.45662c89.js rename assets/js/{d6daf0cc.26f45219.js => d6daf0cc.8051d991.js} (98%) rename assets/js/{d8f58335.8840a095.js => d8f58335.c60e5867.js} (98%) rename assets/js/{da21831e.694ed82f.js => da21831e.b64bcb98.js} (98%) rename assets/js/{db0ebd24.44917f60.js => db0ebd24.6e1441f3.js} (98%) rename assets/js/{dd67116e.097f1b82.js => dd67116e.db1849d8.js} (97%) rename assets/js/{dd81469d.5be4f5a7.js => dd81469d.1bf071ff.js} (97%) rename assets/js/{de08e76e.e5e28e2c.js => de08e76e.f584daba.js} (99%) create mode 100644 assets/js/de69e49e.08d8f0f9.js rename assets/js/{dfa3dc49.6805eef0.js => dfa3dc49.15ac5677.js} (99%) rename assets/js/{e0636556.f0c5c6d5.js => e0636556.2c4ce784.js} (98%) rename assets/js/{e252aa27.87801736.js => e252aa27.44bf2fa3.js} (97%) rename assets/js/{e348fb9e.a6987daf.js => e348fb9e.3d43ae6a.js} (95%) rename assets/js/{e35f16a8.58d512c4.js => e35f16a8.c7bf3f03.js} (96%) rename assets/js/{e3aa6547.088851d9.js => e3aa6547.770a24b9.js} (97%) rename assets/js/{e431d4ee.b73b13a8.js => e431d4ee.579a2d54.js} (99%) create mode 100644 assets/js/e483f3c9.0fe10853.js create mode 100644 assets/js/e4b5e952.e07d35ea.js rename assets/js/{e50ee9c3.6fe548e2.js => e50ee9c3.583d9b4f.js} (97%) create mode 100644 assets/js/e6339806.74e3ab9e.js create mode 100644 assets/js/e7acee98.c43baf84.js rename assets/js/{e89d2f4d.3bd9a6e2.js => e89d2f4d.86d9ad80.js} (96%) rename assets/js/{e9efc8c6.109566e2.js => e9efc8c6.8b4603cb.js} (99%) rename assets/js/{ebf52154.83a804c8.js => ebf52154.00a138ef.js} (91%) rename assets/js/{ec9fa214.6b477a36.js => ec9fa214.acec8efc.js} (98%) create mode 100644 assets/js/f060f65c.885f3431.js rename assets/js/{f14b6af8.b0d890fe.js => f14b6af8.c00ddf23.js} (97%) create mode 100644 assets/js/f2761eee.e2f13d2b.js rename assets/js/{f347fdc1.2476dd8e.js => f347fdc1.ee18628d.js} (98%) rename assets/js/{f4793a78.a6d77e06.js => f4793a78.a0da4890.js} (97%) rename assets/js/{f531b716.d6eb5e6c.js => f531b716.2b7ee900.js} (96%) create mode 100644 assets/js/f59af033.05445760.js rename assets/js/{f63438e5.412a1485.js => f63438e5.30b19c25.js} (98%) rename assets/js/{f66ef323.c92968d0.js => f66ef323.c5d876f2.js} (99%) rename assets/js/{f6748474.360e68bc.js => f6748474.a04324b6.js} (96%) rename assets/js/{f7c88408.cf7d1a26.js => f7c88408.d5e385f8.js} (98%) rename assets/js/{f7cf1511.9bffbbf9.js => f7cf1511.93078c5d.js} (99%) rename assets/js/{f8113afe.86b19a57.js => f8113afe.be384af5.js} (91%) rename assets/js/{f8909550.4bc5eece.js => f8909550.1a02a79c.js} (98%) rename assets/js/{fb76c575.c3a37dbe.js => fb76c575.c8fbd0b5.js} (98%) rename assets/js/{fbaf079d.d063dc4c.js => fbaf079d.2bc17f32.js} (98%) rename assets/js/{fbcf914d.c0bd1746.js => fbcf914d.c9d8ac09.js} (97%) rename assets/js/{fd06576e.8d7f4975.js => fd06576e.5bc22487.js} (98%) rename assets/js/{fd26103c.86f887ad.js => fd26103c.898bac9c.js} (98%) create mode 100644 assets/js/fe67fe92.a4fede24.js rename assets/js/{fe8cb35a.a30107b1.js => fe8cb35a.b3def2b9.js} (97%) rename assets/js/{ffe5129d.daa62715.js => ffe5129d.5c164eec.js} (89%) delete mode 100644 assets/js/main.434d5c32.js create mode 100644 assets/js/main.45dcac64.js rename assets/js/{main.434d5c32.js.LICENSE.txt => main.45dcac64.js.LICENSE.txt} (100%) create mode 100644 assets/js/runtime~main.2e9d7d9d.js delete mode 100644 assets/js/runtime~main.3ef5658b.js diff --git a/0.4.html b/0.4.html index 368594746..c2794c2dd 100644 --- a/0.4.html +++ b/0.4.html @@ -4,13 +4,13 @@ Overview | Fleet - - + +
-
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +
Skip to main content
Version: 0.4

Overview

What is Fleet?​

  • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

  • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

Configuration Management​

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

+ + \ No newline at end of file diff --git a/0.4/advanced-users.html b/0.4/advanced-users.html index 4b15f9047..3eff86659 100644 --- a/0.4/advanced-users.html +++ b/0.4/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - - + +
-
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +
Skip to main content
Version: 0.4

Advanced Users

Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

The following are examples of advanced use cases:

Please refer to the installation and the uninstall documentation for additional information.

+ + \ No newline at end of file diff --git a/0.4/agent-initiated.html b/0.4/agent-initiated.html index 374d21d71..180038aeb 100644 --- a/0.4/agent-initiated.html +++ b/0.4/agent-initiated.html @@ -4,12 +4,12 @@ Agent Initiated | Fleet - - + +
-
Skip to main content
Version: 0.4

Agent Initiated

Refer to the overview page for a background information on the agent initiated registration style.

Cluster Registration Token and Client ID​

A downstream cluster is registered using the cluster registration token and optionally a client ID or cluster labels.

The cluster registration token is a credential that will authorize the downstream cluster agent to be +

Version: 0.4

Agent Initiated

Refer to the overview page for a background information on the agent initiated registration style.

Cluster Registration Token and Client ID​

A downstream cluster is registered using the cluster registration token and optionally a client ID or cluster labels.

The cluster registration token is a credential that will authorize the downstream cluster agent to be able to initiate the registration process. This is required. Refer to the cluster registration token page for more information on how to create tokens and obtain the values. The cluster registration token is manifested as a values.yaml file that will be passed to the helm install process.

There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which @@ -39,8 +39,8 @@ For the agent chart the namespace must be cattle-fleet-system and t Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context to change which cluster Helm is installing to.

Finally, install the agent using Helm.

helm -n cattle-fleet-system install --create-namespace --wait \
    --set clientID="$CLUSTER_CLIENT_ID" \
    --values values.yaml \
    fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz

The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

# Ensure kubectl is pointing to the right cluster
kubectl -n cattle-fleet-system logs -l app=fleet-agent
kubectl -n cattle-fleet-system get pods -l app=fleet-agent

Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +manager to run this command.

kubectl -n clusters get clusters.fleet.cattle.io
NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
+ + \ No newline at end of file diff --git a/0.4/architecture.html b/0.4/architecture.html index d9a38e6d8..3b240eedc 100644 --- a/0.4/architecture.html +++ b/0.4/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
-
Skip to main content
Version: 0.4

Architecture

Fleet has two primary components. The Fleet manager and the cluster agents. These +

Version: 0.4

Architecture

Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

Fleet Manager​

The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +subresource of it's Cluster resource.

+ + \ No newline at end of file diff --git a/0.4/bundle-diffs.html b/0.4/bundle-diffs.html index 92311da5c..0a71150a3 100644 --- a/0.4/bundle-diffs.html +++ b/0.4/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - - + +
-
Skip to main content
Version: 0.4

Generating Diffs for Modified GitRepos

Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

This leads the status of the bundle and associated GitRepo to be reported as "Modified"

Associated Bundle -

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +
Skip to main content
Version: 0.4

Generating Diffs for Modified GitRepos

Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

This leads the status of the bundle and associated GitRepo to be reported as "Modified"

Associated Bundle +

Fleet bundles support the ability to specify a custom jsonPointer patch.

With the patch, users can instruct fleet to ignore object modifications.

In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

In our case the differences detected are as follows:

  summary:
    desiredReady: 1
    modified: 1
    nonReadyResources:
    - bundleState: Modified
      modifiedStatus:
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

Based on this summary, there are three objects which need to be patched.

We will look at these one at a time.

1. ValidatingWebhookConfiguration:​

The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

From this information, we can see the two ValidatingWebhooks in question are:

  "$setElementOrder/webhooks": [
    {
      "name": "validation.gatekeeper.sh"
    },
    {
      "name": "check-ignore-label.gatekeeper.sh"
    }
  ],

Within each ValidatingWebhook, the fields that need to be ignore are as follows:

    {
      "clientConfig": {
        "caBundle": "Cg=="
      },
      "name": "validation.gatekeeper.sh",
      "rules": [
        {
          "apiGroups": [
            "*"
          ],
          "apiVersions": [
            "*"
          ],
          "operations": [
            "CREATE",
            "UPDATE"
          ],
          "resources": [
            "*"
          ]
        }
      ]
    },

and 

    {
     "clientConfig": {
       "caBundle": "Cg=="
     },
     "name": "check-ignore-label.gatekeeper.sh",
     "rules": [
       {
         "apiGroups": [
           ""
         ],
         "apiVersions": [
           "*"
         ],
         "operations": [
           "CREATE",
           "UPDATE"
         ],
         "resources": [
           "namespaces"
         ]
       }
     ]
   }

In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

Based on this information, our diff patch would look as follows:

  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

2. Deployment gatekeeper-controller-manager:​

The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

3. Deployment gatekeeper-audit:​

The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

{
  "spec": {
    "template": {
      "spec": {
        "$setElementOrder/containers": [
          {
            "name": "manager"
          }
        ],
        "containers": [
          {
            "name": "manager",
            "resources": {
              "limits": {
                "cpu": "1000m"
              }
            }
          }
        ],
        "tolerations": []
      }
    }
  }
}

Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

Based on this information, our diff patch would look as follows:

  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}

Combining It All Together​

We can now combine all these patches as follows:

diff:
  comparePatches:
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-audit
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: apps/v1
    kind: Deployment
    name: gatekeeper-controller-manager
    namespace: cattle-gatekeeper-system
    operations:
    - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
    - {"op": "remove", "path": "/spec/template/spec/tolerations"}
  - apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    name: gatekeeper-validating-webhook-configuration
    operations:
    - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/0/rules"}
    - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
    - {"op": "remove", "path":"/webhooks/1/rules"}

We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

Once these are added, the GitRepo should deploy and be in "Active" status.

+ + \ No newline at end of file diff --git a/0.4/cluster-bundles-state.html b/0.4/cluster-bundles-state.html index c165618be..2652ad1f3 100644 --- a/0.4/cluster-bundles-state.html +++ b/0.4/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - - + +
-
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +
Skip to main content
Version: 0.4

Cluster and Bundle state

Clusters and Bundles have different states in each phase of applying Bundles.

Bundles​

Ready: Bundles have been deployed and all resources are ready.

NotReady: Bundles have been deployed and some resources are not ready.

WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

Pending: Bundles are being processed by Fleet controller.

Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

Clusters​

WaitCheckIn: Waiting for agent to report registration information and cluster status back.

NotReady: There are bundles in this cluster that are in NotReady state.

WaitApplied: There are bundles in this cluster that are in WaitApplied state.

ErrApplied: There are bundles in this cluster that are in ErrApplied state.

OutOfSync: There are bundles in this cluster that are in OutOfSync state.

Pending: There are bundles in this cluster that are in Pending state.

Modified: There are bundles in this cluster that are in Modified state.

Ready: Bundles in this cluster have been deployed and all resources are ready.

+ + \ No newline at end of file diff --git a/0.4/cluster-group.html b/0.4/cluster-group.html index ec486fb9f..738f90970 100644 --- a/0.4/cluster-group.html +++ b/0.4/cluster-group.html @@ -4,17 +4,17 @@ Cluster Groups | Fleet - - + +
-
Skip to main content
Version: 0.4

Cluster Groups

Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +

Version: 0.4

Cluster Groups

Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +status of the deployments and then also a simpler way to manage targets.

A cluster group is created by creating a ClusterGroup resource like below

kind: ClusterGroup
apiVersion: fleet.cattle.io/v1alpha1
metadata:
  name: production-group
  namespace: clusters
spec:
  # This is the standard metav1.LabelSelector format to match clusters by labels
  selector:
    matchLabels:
      env: prod
+ + \ No newline at end of file diff --git a/0.4/cluster-overview.html b/0.4/cluster-overview.html index 42040dbdb..ed47730bd 100644 --- a/0.4/cluster-overview.html +++ b/0.4/cluster-overview.html @@ -4,12 +4,12 @@ Overview | Fleet - - + +
-
Skip to main content
Version: 0.4

Overview

There are two specific styles to registering clusters. These styles will be referred +

Version: 0.4

Overview

There are two specific styles to registering clusters. These styles will be referred to as agent initiated and manager initiated registration. Typically one would go with the agent initiated registration but there are specific use cases in which manager initiated is a better workflow.

Agent Initiated Registration​

Agent initiated refers to a pattern in which the downstream cluster installs an agent with a @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +or Rancher.

+ + \ No newline at end of file diff --git a/0.4/cluster-tokens.html b/0.4/cluster-tokens.html index 5583551b2..686f01418 100644 --- a/0.4/cluster-tokens.html +++ b/0.4/cluster-tokens.html @@ -4,12 +4,12 @@ Cluster Registration Tokens | Fleet - - + +
-
Skip to main content
Version: 0.4

Cluster Registration Tokens

info

Not needed for Manager initiated registration: +

Version: 0.4

Cluster Registration Tokens

info

Not needed for Manager initiated registration: For manager initiated registrations the token is managed by the Fleet manager and does not need to be manually created and obtained.

For an agent initiated registration the downstream cluster must have a cluster registration token. Cluster registration tokens are used to establish a new identity for a cluster. Internally @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

kind: ClusterRegistrationToken
apiVersion: "fleet.cattle.io/v1alpha1"
metadata:
    name: new-token
    namespace: clusters
spec:
    # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
    ttl: 240h

After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

One way to do so is via the following one-liner:

while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

Obtaining Token Value (Agent values.yaml)​

The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +above example one can run the following one-liner:

kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
+ + \ No newline at end of file diff --git a/0.4/concepts.html b/0.4/concepts.html index c13354747..a89b73acc 100644 --- a/0.4/concepts.html +++ b/0.4/concepts.html @@ -4,12 +4,12 @@ Core Concepts | Fleet - - + +
-
Skip to main content
Version: 0.4

Core Concepts

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +

Version: 0.4

Core Concepts

Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

info

For more on the naming conventions of CRDs, click here.

Below are some of the concepts of Fleet that will be useful throughout this documentation:

  • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
  • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

    • To see the lifecycle of a bundle, click here.

  • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

Copyright © 2023 SUSE Rancher. All Rights Reserved.
- - +the cluster the agent is managing.

  • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • + + \ No newline at end of file diff --git a/0.4/examples.html b/0.4/examples.html index 3479f1e79..4474dd8b3 100644 --- a/0.4/examples.html +++ b/0.4/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.4

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations +of the three are in the Fleet Examples repo.

    + + \ No newline at end of file diff --git a/0.4/gitrepo-add.html b/0.4/gitrepo-add.html index 02346bde7..a5aaca6e1 100644 --- a/0.4/gitrepo-add.html +++ b/0.4/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer +

    Version: 0.4

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    + + \ No newline at end of file diff --git a/0.4/gitrepo-structure.html b/0.4/gitrepo-structure.html index 87ae59ce6..a1899c7f7 100644 --- a/0.4/gitrepo-structure.html +++ b/0.4/gitrepo-structure.html @@ -4,12 +4,12 @@ Expected Repo Structure | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Expected Repo Structure

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +

    Version: 0.4

    Expected Repo Structure

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important to realize the scanned resources will be saved as a resource in Kubernetes so @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    + + \ No newline at end of file diff --git a/0.4/gitrepo-targets.html b/0.4/gitrepo-targets.html index b009e4c18..ba90a0df2 100644 --- a/0.4/gitrepo-targets.html +++ b/0.4/gitrepo-targets.html @@ -4,12 +4,12 @@ Mapping to Downstream Clusters | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Mapping to Downstream Clusters

    info

    Multi-cluster Only: +

    Version: 0.4

    Mapping to Downstream Clusters

    info

    Multi-cluster Only: This approach only applies if you are running Fleet in a multi-cluster style

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining targets​

    The deployment targets of GitRepo is done using the spec.targets field to match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. If any of the targets match the cluster then the GitRepo will be deployed to the downstream cluster. If @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.4/imagescan.html b/0.4/imagescan.html index f9553bebc..e5bd79068 100644 --- a/0.4/imagescan.html +++ b/0.4/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +

    Version: 0.4

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    + + \ No newline at end of file diff --git a/0.4/installation.html b/0.4/installation.html index dea5f08ba..8d07a6061 100644 --- a/0.4/installation.html +++ b/0.4/installation.html @@ -4,17 +4,17 @@ Installation | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Installation

    The installation is broken up into two different use cases: Single and +

    Version: 0.4

    Installation

    The installation is broken up into two different use cases: Single and Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +point. After which you can move from single cluster to multi-cluster setup down the line.

    + + \ No newline at end of file diff --git a/0.4/manager-initiated.html b/0.4/manager-initiated.html index d80746e8b..d59eeb985 100644 --- a/0.4/manager-initiated.html +++ b/0.4/manager-initiated.html @@ -4,19 +4,19 @@ Manager Initiated | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Manager Initiated

    Refer to the overview page for a background information on the manager initiated registration style.

    Kubeconfig Secret​

    The manager initiated registration flow is accomplished by creating a +

    Version: 0.4

    Manager Initiated

    Refer to the overview page for a background information on the manager initiated registration style.

    Kubeconfig Secret​

    The manager initiated registration flow is accomplished by creating a Cluster resource in the Fleet Manager that refers to a Kubernetes Secret containing a valid kubeconfig file in the data field called value.

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    + + \ No newline at end of file diff --git a/0.4/multi-cluster-install.html b/0.4/multi-cluster-install.html index 81b88fa21..2cce549b2 100644 --- a/0.4/multi-cluster-install.html +++ b/0.4/multi-cluster-install.html @@ -4,12 +4,12 @@ Multi-cluster Install | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Multi-cluster Install

    Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.

    Warning: The multi-cluster install described below is only covered in standalone Fleet, which is untested by Rancher QA.

    In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a +

    Version: 0.4

    Multi-cluster Install

    Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.

    Warning: The multi-cluster install described below is only covered in standalone Fleet, which is untested by Rancher QA.

    In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a Kubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager.

    Prerequisites​

    Helm 3​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the @@ -35,8 +35,8 @@ only because the curl command is not setting proper credentials, but this valida connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the Fleet manager.

    + + \ No newline at end of file diff --git a/0.4/namespaces.html b/0.4/namespaces.html index 0ee41639f..b9b7038df 100644 --- a/0.4/namespaces.html +++ b/0.4/namespaces.html @@ -4,12 +4,12 @@ Namespaces | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +

    Version: 0.4

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    + + \ No newline at end of file diff --git a/0.4/quickstart.html b/0.4/quickstart.html index bf6d9b2ae..b9b9a2d93 100644 --- a/0.4/quickstart.html +++ b/0.4/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure +

    Version: 0.4

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.4/single-cluster-install.html b/0.4/single-cluster-install.html index 18e0ba03f..29d2bd4be 100644 --- a/0.4/single-cluster-install.html +++ b/0.4/single-cluster-install.html @@ -4,12 +4,12 @@ Single Cluster Install | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Single Cluster Install

    In this use case you have only one cluster. The cluster will run both the Fleet +

    Version: 0.4

    Single Cluster Install

    In this use case you have only one cluster. The cluster will run both the Fleet manager and the Fleet agent. The cluster will communicate with Git server to deploy resources to this local cluster. This is the simplest setup and very useful for dev/test and small scale setups. This use case is supported as a valid @@ -18,8 +18,8 @@ fairly straight forward. To install the Helm 3 CLI follow the official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.4/troubleshooting.html b/0.4/troubleshooting.html index a954152cd..a1971c56f 100644 --- a/0.4/troubleshooting.html +++ b/0.4/troubleshooting.html @@ -4,15 +4,15 @@ Troubleshooting | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: +

    Version: 0.4

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. -It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.4/uninstall.html b/0.4/uninstall.html index 42820b569..7d3d3c50a 100644 --- a/0.4/uninstall.html +++ b/0.4/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +

    Version: 0.4

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.4/webhook.html b/0.4/webhook.html index 60b41d003..d51e5dac1 100644 --- a/0.4/webhook.html +++ b/0.4/webhook.html @@ -4,16 +4,16 @@ Webhook | Fleet - - + +
    -
    Skip to main content
    Version: 0.4

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, +

    Version: 0.4

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5.html b/0.5.html index f386ab6b2..1ff260d6d 100644 --- a/0.5.html +++ b/0.5.html @@ -4,13 +4,13 @@ Overview | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.5

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/advanced-users.html b/0.5/advanced-users.html index 81e490054..2f7416b8e 100644 --- a/0.5/advanced-users.html +++ b/0.5/advanced-users.html @@ -4,13 +4,13 @@ Advanced Users | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.5

    Advanced Users

    Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.

    The following are examples of advanced use cases:

    Please refer to the installation and the uninstall documentation for additional information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/agent-initiated.html b/0.5/agent-initiated.html index 95c90e18b..39820e156 100644 --- a/0.5/agent-initiated.html +++ b/0.5/agent-initiated.html @@ -4,12 +4,12 @@ Agent Initiated | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Agent Initiated

    Refer to the overview page for a background information on the agent initiated registration style.

    Cluster Registration Token and Client ID​

    A downstream cluster is registered using the cluster registration token and optionally a client ID or cluster labels.

    The cluster registration token is a credential that will authorize the downstream cluster agent to be +

    Version: 0.5

    Agent Initiated

    Refer to the overview page for a background information on the agent initiated registration style.

    Cluster Registration Token and Client ID​

    A downstream cluster is registered using the cluster registration token and optionally a client ID or cluster labels.

    The cluster registration token is a credential that will authorize the downstream cluster agent to be able to initiate the registration process. This is required. Refer to the cluster registration token page for more information on how to create tokens and obtain the values. The cluster registration token is manifested as a values.yaml file that will be passed to the helm install process.

    There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which @@ -39,8 +39,8 @@ For the agent chart the namespace must be cattle-fleet-system and t Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context to change which cluster Helm is installing to.

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz

    The agent should now be deployed. You can check that status of the fleet pods by running the below commands.

    # Ensure kubectl is pointing to the right cluster
    kubectl -n cattle-fleet-system logs -l app=fleet-agent
    kubectl -n cattle-fleet-system get pods -l app=fleet-agent

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet -manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/architecture.html b/0.5/architecture.html index 3f8a5176a..7d0499f6e 100644 --- a/0.5/architecture.html +++ b/0.5/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +

    Version: 0.5

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +subresource of it's Cluster resource.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/bundle-diffs.html b/0.5/bundle-diffs.html index 353e946ec..e2d1f1431 100644 --- a/0.5/bundle-diffs.html +++ b/0.5/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs for Modified GitRepos | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Generating Diffs for Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.5

    Generating Diffs for Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/cluster-bundles-state.html b/0.5/cluster-bundles-state.html index 9f8058a6e..9ec6a9a13 100644 --- a/0.5/cluster-bundles-state.html +++ b/0.5/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle state | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.5

    Cluster and Bundle state

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/cluster-group.html b/0.5/cluster-group.html index 86f7eb045..118e2c452 100644 --- a/0.5/cluster-group.html +++ b/0.5/cluster-group.html @@ -4,17 +4,17 @@ Cluster Groups | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +

    Version: 0.5

    Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/cluster-overview.html b/0.5/cluster-overview.html index 5bfa59d3e..9473e966a 100644 --- a/0.5/cluster-overview.html +++ b/0.5/cluster-overview.html @@ -4,12 +4,12 @@ Overview | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Overview

    There are two specific styles to registering clusters. These styles will be referred +

    Version: 0.5

    Overview

    There are two specific styles to registering clusters. These styles will be referred to as agent initiated and manager initiated registration. Typically one would go with the agent initiated registration but there are specific use cases in which manager initiated is a better workflow.

    Agent Initiated Registration​

    Agent initiated refers to a pattern in which the downstream cluster installs an agent with a @@ -24,8 +24,8 @@ manager must be able to communicate with the downstream cluster API server for t After the cluster is registered there is no further need for the manager to contact the downstream cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes clusters through GitOps using something like cluster-api -or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +or Rancher.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/cluster-tokens.html b/0.5/cluster-tokens.html index 6da241cd1..3928a9c58 100644 --- a/0.5/cluster-tokens.html +++ b/0.5/cluster-tokens.html @@ -4,12 +4,12 @@ Cluster Registration Tokens | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Cluster Registration Tokens

    info

    Not needed for Manager initiated registration: +

    Version: 0.5

    Cluster Registration Tokens

    info

    Not needed for Manager initiated registration: For manager initiated registrations the token is managed by the Fleet manager and does not need to be manually created and obtained.

    For an agent initiated registration the downstream cluster must have a cluster registration token. Cluster registration tokens are used to establish a new identity for a cluster. Internally @@ -26,8 +26,8 @@ are used in Fleet refer to the documentation on namesp token with the below YAML.

    kind: ClusterRegistrationToken
    apiVersion: "fleet.cattle.io/v1alpha1"
    metadata:
        name: new-token
        namespace: clusters
    spec:
        # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
        ttl: 240h

    After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

    One way to do so is via the following one-liner:

    while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

    Obtaining Token Value (Agent values.yaml)​

    The token value contains YAML content for a values.yaml file that is expected to be passed to helm install to install the Fleet agent on a downstream cluster.

    Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the -above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/concepts.html b/0.5/concepts.html index 8eb24c52b..35b1fc6ff 100644 --- a/0.5/concepts.html +++ b/0.5/concepts.html @@ -4,12 +4,12 @@ Core Concepts | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +

    Version: 0.5

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

    info

    For more on the naming conventions of CRDs, click here.

    Below are some of the concepts of Fleet that will be useful throughout this documentation:

    • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
    • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

      • To see the lifecycle of a bundle, click here.

    • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

      • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

    • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    • Cluster Registration Token: Tokens used by agents to register a new cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/examples.html b/0.5/examples.html index 1cb33bf90..49362b723 100644 --- a/0.5/examples.html +++ b/0.5/examples.html @@ -4,14 +4,14 @@ Examples | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.5

    Examples

    Lifecycle of a Fleet Bundle​

    To demonstrate the lifecycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    Deploy Kubernetes Manifests Across Clusters with Customization​

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use multi-cluster/helm/fleet.yaml as a case study.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/gitrepo-add.html b/0.5/gitrepo-add.html index 9ec186fc6..607e446de 100644 --- a/0.5/gitrepo-add.html +++ b/0.5/gitrepo-add.html @@ -4,15 +4,15 @@ Adding a GitRepo | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer +

    Version: 0.5

    Adding a GitRepo

    Proper namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Create GitRepo instance​

    Git repositories are register by creating a GitRepo following the below YAML sample. Refer to the inline comments as the means of each field

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. -Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Make sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/gitrepo-structure.html b/0.5/gitrepo-structure.html index f57da652e..11767473a 100644 --- a/0.5/gitrepo-structure.html +++ b/0.5/gitrepo-structure.html @@ -4,12 +4,12 @@ Expected Repo Structure | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Expected Repo Structure

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +

    Version: 0.5

    Expected Repo Structure

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important to realize the scanned resources will be saved as a resource in Kubernetes so @@ -43,8 +43,8 @@ the contents a file the convention of adding _patch. (notice the tr will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +using YAML syntax.

    Cluster and Bundle state​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/gitrepo-targets.html b/0.5/gitrepo-targets.html index c4386ba6c..8d2615e8f 100644 --- a/0.5/gitrepo-targets.html +++ b/0.5/gitrepo-targets.html @@ -4,12 +4,12 @@ Mapping to Downstream Clusters | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Mapping to Downstream Clusters

    info

    Multi-cluster Only: +

    Version: 0.5

    Mapping to Downstream Clusters

    info

    Multi-cluster Only: This approach only applies if you are running Fleet in a multi-cluster style

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining targets​

    The deployment targets of GitRepo is done using the spec.targets field to match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. If any of the targets match the cluster then the GitRepo will be deployed to the downstream cluster. If @@ -18,8 +18,8 @@ One can use cluster selectors, cluster group selectors, or an explicit cluster g the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the default value it is dropped from the criteria. The default value is either null or "". It is important to realize that the value {} for a selector means "match everything."

    # Match everything
    clusterSelector: {}
    # Selector ignored
    clusterSelector: null

    Default target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default -and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +and add clusters to it.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/imagescan.html b/0.5/imagescan.html index a62096b40..5126a9c2b 100644 --- a/0.5/imagescan.html +++ b/0.5/imagescan.html @@ -4,15 +4,15 @@ Image scan | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +

    Version: 0.5

    Image scan

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/installation.html b/0.5/installation.html index 2c8c2734e..642b8f0f5 100644 --- a/0.5/installation.html +++ b/0.5/installation.html @@ -4,17 +4,17 @@ Installation | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Installation

    The installation is broken up into two different use cases: Single and +

    Version: 0.5

    Installation

    The installation is broken up into two different use cases: Single and Multi-Cluster install. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting -point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +point. After which you can move from single cluster to multi-cluster setup down the line.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/manager-initiated.html b/0.5/manager-initiated.html index 45c7d95bc..2ae36ce88 100644 --- a/0.5/manager-initiated.html +++ b/0.5/manager-initiated.html @@ -4,19 +4,19 @@ Manager Initiated | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Manager Initiated

    Refer to the overview page for a background information on the manager initiated registration style.

    Kubeconfig Secret​

    The manager initiated registration flow is accomplished by creating a +

    Version: 0.5

    Manager Initiated

    Refer to the overview page for a background information on the manager initiated registration style.

    Kubeconfig Secret​

    The manager initiated registration flow is accomplished by creating a Cluster resource in the Fleet Manager that refers to a Kubernetes Secret containing a valid kubeconfig file in the data field called value.

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. This means you can use cluster-api to create a cluster that is dynamically -registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +registered with Fleet.

    Example​

    Kubeconfig Secret​

    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Cluster​

    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/multi-cluster-install.html b/0.5/multi-cluster-install.html index 31be74372..7289d4bbb 100644 --- a/0.5/multi-cluster-install.html +++ b/0.5/multi-cluster-install.html @@ -4,12 +4,12 @@ Multi Cluster Install | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Multi Cluster Install

    Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.

    Warning: The multi-cluster install described below is only covered in standalone Fleet, which is untested by Rancher QA.

    In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a +

    Version: 0.5

    Multi Cluster Install

    Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.

    Warning: The multi-cluster install described below is only covered in standalone Fleet, which is untested by Rancher QA.

    In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a Kubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager.

    Prerequisites​

    Helm 3​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the @@ -35,8 +35,8 @@ only because the curl command is not setting proper credentials, but this valida connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then the ca.pem is not correct. The contents of the ${API_SERVER_CA} file should look similar to the below

    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="${API_SERVER_URL}" \
        --set-file apiServerCA="${API_SERVER_CA}" \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/namespaces.html b/0.5/namespaces.html index 7d23ab371..d508abcae 100644 --- a/0.5/namespaces.html +++ b/0.5/namespaces.html @@ -4,12 +4,12 @@ Namespaces | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +

    Version: 0.5

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges @@ -35,8 +35,8 @@ be evaluated against all clusters in all namespaces that match namespaceSe bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos created in that namespace will be checked against the list of restrictions. If a GitRepo violates one of the constraints its BundleDeployment will be -in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/quickstart.html b/0.5/quickstart.html index 71a9b7a62..2c093794a 100644 --- a/0.5/quickstart.html +++ b/0.5/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure +

    Version: 0.5

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Add a Git Repo to watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/single-cluster-install.html b/0.5/single-cluster-install.html index 0262130a5..a8e66e9ae 100644 --- a/0.5/single-cluster-install.html +++ b/0.5/single-cluster-install.html @@ -4,12 +4,12 @@ Single Cluster Install | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Single Cluster Install

    In this use case you have only one cluster. The cluster will run both the Fleet +

    Version: 0.5

    Single Cluster Install

    In this use case you have only one cluster. The cluster will run both the Fleet manager and the Fleet agent. The cluster will communicate with Git server to deploy resources to this local cluster. This is the simplest setup and very useful for dev/test and small scale setups. This use case is supported as a valid @@ -18,8 +18,8 @@ fairly straight forward. To install the Helm 3 CLI follow the official install instructions. The TL;DR is

    macOS

    brew install helm

    Windows

    choco install kubernetes-helm

    Kubernetes​

    Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater.

    Install​

    Install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz

    Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by -running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +running the below commands.

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/troubleshooting.html b/0.5/troubleshooting.html index ef94e48d6..0d52a32ff 100644 --- a/0.5/troubleshooting.html +++ b/0.5/troubleshooting.html @@ -4,15 +4,15 @@ Troubleshooting | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: +

    Version: 0.5

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. -It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/uninstall.html b/0.5/uninstall.html index 2534e4681..9c71c55fa 100644 --- a/0.5/uninstall.html +++ b/0.5/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +

    Version: 0.5

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.5/webhook.html b/0.5/webhook.html index cdd963eba..7e3e1f28d 100644 --- a/0.5/webhook.html +++ b/0.5/webhook.html @@ -4,16 +4,16 @@ Webhook | Fleet - - + +
    -
    Skip to main content
    Version: 0.5

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, +

    Version: 0.5

    Webhook

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6.html b/0.6.html index 24a355a87..46e858444 100644 --- a/0.6.html +++ b/0.6.html @@ -4,13 +4,13 @@ Overview | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/architecture.html b/0.6/architecture.html index 0df52a32a..8094ddb19 100644 --- a/0.6/architecture.html +++ b/0.6/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +

    Version: 0.6

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/bundle-diffs.html b/0.6/bundle-diffs.html index 592e2b701..ea3fae8bb 100644 --- a/0.6/bundle-diffs.html +++ b/0.6/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs to Ignore Modified GitRepos | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and 

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cli/fleet-agent.html b/0.6/cli/fleet-agent.html index b3ad79560..3ac73eaa5 100644 --- a/0.6/cli/fleet-agent.html +++ b/0.6/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet.html b/0.6/cli/fleet-cli/fleet.html index a4a046aff..cf93aa7f3 100644 --- a/0.6/cli/fleet-cli/fleet.html +++ b/0.6/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet_apply.html b/0.6/cli/fleet-cli/fleet_apply.html index c4fbcba15..8d83b0632 100644 --- a/0.6/cli/fleet-cli/fleet_apply.html +++ b/0.6/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cli/fleet-cli/fleet_test.html b/0.6/cli/fleet-cli/fleet_test.html index 550ca369c..270e04051 100644 --- a/0.6/cli/fleet-cli/fleet_test.html +++ b/0.6/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cli/fleet-controller/fleet-manager.html b/0.6/cli/fleet-controller/fleet-manager.html index 838e0106d..78b8993e5 100644 --- a/0.6/cli/fleet-controller/fleet-manager.html +++ b/0.6/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable agent on local cluster
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable agent on local cluster
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cluster-bundles-state.html b/0.6/cluster-bundles-state.html index 5d08fe96f..8d592df24 100644 --- a/0.6/cluster-bundles-state.html +++ b/0.6/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cluster-group.html b/0.6/cluster-group.html index 5a29bf9cd..83eda0d68 100644 --- a/0.6/cluster-group.html +++ b/0.6/cluster-group.html @@ -4,17 +4,17 @@ Create Cluster Groups | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +

    Version: 0.6

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/cluster-registration.html b/0.6/cluster-registration.html index 80bba6391..4ade1ce1c 100644 --- a/0.6/cluster-registration.html +++ b/0.6/cluster-registration.html @@ -4,12 +4,12 @@ Register Downstream Clusters | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred +

    Version: 0.6

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred to as agent initiated and manager initiated registration. Typically one would go with the agent initiated registration but there are specific use cases in which manager initiated is a better workflow.

    Agent Initiated Registration​

    Agent initiated refers to a pattern in which the downstream cluster installs an agent with a @@ -75,8 +75,8 @@ above example one can run the following one-liner:

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. -This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/concepts.html b/0.6/concepts.html index 04e8fc7a8..75b046191 100644 --- a/0.6/concepts.html +++ b/0.6/concepts.html @@ -4,12 +4,12 @@ Core Concepts | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +

    Version: 0.6

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

    info

    For more on the naming conventions of CRDs, click here.

    Below are some of the concepts of Fleet that will be useful throughout this documentation:

    • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
    • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

      • To see the life cycle of a bundle, click here.

    • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

      • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

    • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    • Cluster Registration Token: Tokens used by agents to register a new cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/gitrepo-add.html b/0.6/gitrepo-add.html index 3a03e1d14..18e478c20 100644 --- a/0.6/gitrepo-add.html +++ b/0.6/gitrepo-add.html @@ -4,16 +4,16 @@ Create a GitRepo Resource | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer +

    Version: 0.6

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer to the creating a deployment tutorial for examples.

    The available fields are documented in the GitRepo resource reference

    Using Helm Values​

    How changes are applied to values.yaml:

    • Note that the most recently applied changes to the values.yaml will override any previously existing values.

    • When changes are applied to the values.yaml from multiple sources at the same time, the values will update in the following order: helm.values -> helm.valuesFiles -> helm.valuesFrom. That means valuesFrom will take precedence over both, valuesFiles and values.

    Using ValuesFrom​

    These examples showcase the style and format for using valuesFrom. ConfigMaps and Secrets should be created in downstream clusters.

    Example ConfigMap:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: configmap-values
      namespace: default
    data:  
      values.yaml: |-
        replication: true
        replicas: 2
        serviceType: NodePort

    Example Secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret-values
      namespace: default
    stringData:
      values.yaml: |-
        replication: true
        replicas: 3
        serviceType: NodePort

    A secret like that, can be created from a YAML file secretdata.yaml by running the following kubectl command: kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml

    The resources can then be referenced from a fleet.yaml:

    helm:
      chart: simple-chart
      valuesFrom:
        - secretKeyRef:
            name: secret-values
            namespace: default
            key: values.yaml
        - configMapKeyRef:
            name: configmap-values
            namespace: default
            key: values.yaml
      values:
        replicas: "4"

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use -helmRepoURLRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +helmRepoURLRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/gitrepo-content.html b/0.6/gitrepo-content.html index 5b40a70cb..f6506a232 100644 --- a/0.6/gitrepo-content.html +++ b/0.6/gitrepo-content.html @@ -4,12 +4,12 @@ Git Repository Contents | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +

    Version: 0.6

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important to realize the scanned resources will be saved as a resource in Kubernetes so @@ -43,8 +43,8 @@ the contents of a file the convention of adding _patch. (notice the will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/gitrepo-targets.html b/0.6/gitrepo-targets.html index 9e70aa335..9de924e15 100644 --- a/0.6/gitrepo-targets.html +++ b/0.6/gitrepo-targets.html @@ -4,12 +4,12 @@ Mapping to Downstream Clusters | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: +

    Version: 0.6

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: This approach only applies if you are running Fleet in a multi-cluster style

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining Targets​

    The deployment targets of GitRepo is done using the spec.targets field to match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1
        # A specific cluster by name that will be selected
        clusterName: cluster1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. If any of the targets match the cluster then the GitRepo will be deployed to the downstream cluster. If @@ -21,8 +21,8 @@ that the value {} for a selector means "match everything." and add clusters to it.

    Customization per Cluster​

    To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use multi-cluster/helm/fleet.yaml.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml: 
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    important information

    Overriding the version of a Helm chart via target customizations will lead to bundles containing all versions, ie the default one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will deploy larger bundles.

    As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed etcd's configured maximum blob size. See this issue for more details.

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/imagescan.html b/0.6/imagescan.html index a36457558..7cc299b75 100644 --- a/0.6/imagescan.html +++ b/0.6/imagescan.html @@ -4,15 +4,15 @@ Using Image Scan to Update Container Image References | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +

    Version: 0.6

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order 
    - policy: 
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver: 
          range: "*" 
        # can use ascending or descending order
        alphabetical:
          order: asc 

      # specify images to scan
      image: "your.registry.com/repo/image" 

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret 

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples 
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m 
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret 
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/installation.html b/0.6/installation.html index a450ee7df..6092f72b8 100644 --- a/0.6/installation.html +++ b/0.6/installation.html @@ -4,12 +4,12 @@ Installation Details | Fleet - - + +
    -
    Skip to main content
    Version: 0.6

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. +

    Version: 0.6

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting @@ -37,8 +37,8 @@ the ca.pem is not correct. The contents of the $API_SERVER_CA and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First install the Fleet CustomResourcesDefintions.
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz

    Second install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/multi-user.html b/0.6/multi-user.html index d9726b90e..4e4c8b6b7 100644 --- a/0.6/multi-user.html +++ b/0.6/multi-user.html @@ -4,12 +4,12 @@ Setup Multi User | Fleet - - + +
    -
    Version: 0.6

    Setup Multi User

    Fleet uses Kubernetes RBAC where possible.

    One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

    A multi-user fleet setup looks like this:

    • tenants don't share namespaces, each tenant has one or more namespaces on the +
      Version: 0.6

      Setup Multi User

      Fleet uses Kubernetes RBAC where possible.

      One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

      A multi-user fleet setup looks like this:

      • tenants don't share namespaces, each tenant has one or more namespaces on the upstream cluster, where they can create GitRepo resources
      • tenants can't deploy cluster wide resources and are limited to a set of namespaces on downstream clusters
      • clusters are in a separate namespace

      Shared Clusters

      important information

      The isolation of tenants is not complete and relies on Kubernetes RBAC to be set up correctly. Without manual setup from an operator tenants can still @@ -17,8 +17,8 @@ deploy cluster wide resources. Even with the available Fleet restrictions, users are only restricted to namespaces, but namespaces don't provide much isolation on their own. E.g. they can still consume as many resources as they like.

      However, the existing Fleet restrictions allow users to share clusters, and -deploy resources without conflicts.

      Example User​

      This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

      kubectl create serviceaccount fleetuser
      kubectl create namespace project1
      kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

      If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

      kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
      kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

      This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

      Allow Access to Clusters​

      This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

      In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

      kind: BundleNamespaceMapping
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: mapping
        namespace: project1

      # Bundles to match by label.
      # The labels are defined in the fleet.yaml # labels field or from the
      # GitRepo metadata.labels field
      bundleSelector:
        matchLabels:
          team: one
          # or target one repo
          #fleet.cattle.io/repo-name: simpleapp

      # Namespaces, containing clusters, to match by label
      namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: fleet-default
          # the label is on the namespace
          #workspace: prod

      The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

      Restricting Access to Downstream Clusters​

      Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

      kind: GitRepoRestriction
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: restriction
        namespace: project1

      allowedTargetNamespaces:
        - project1simpleapp

      This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

      An Example GitRepo Resource​

      A GitRepo resource created by a tenant, without admin access could look like this:

      kind: GitRepo
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: simpleapp
        namespace: project1
        labels:
          team: one

      spec:
        repo: https://github.com/rancher/fleet-examples
        paths:
        - bundle-diffs

        targetNamespace: project1simpleapp

        # do not match the upstream/local cluster, won't work
        targets:
        - name: dev
          clusterSelector:
            matchLabels:
              env: dev

      This includes the team: one label and and the required targetNamespace.

      Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

      note

      BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

      Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/namespaces.html b/0.6/namespaces.html index 3785fc150..5f303f796 100644 --- a/0.6/namespaces.html +++ b/0.6/namespaces.html @@ -4,12 +4,12 @@ Namespaces | Fleet - - + +
    -
    Version: 0.6

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +

    Version: 0.6

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/quickstart.html b/0.6/quickstart.html index 4c9d26ddd..b116be3cf 100644 --- a/0.6/quickstart.html +++ b/0.6/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - - + +
    -
    Version: 0.6

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure +

    Version: 0.6

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure things to your cluster.

    brew install helm

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz
    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-bundle-stages.html b/0.6/ref-bundle-stages.html index e699c6c05..6d5b65ded 100644 --- a/0.6/ref-bundle-stages.html +++ b/0.6/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Lifecycle | Fleet - - + +
    -
    Version: 0.6

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-configuration.html b/0.6/ref-configuration.html index befff920a..79ebddda4 100644 --- a/0.6/ref-configuration.html +++ b/0.6/ref-configuration.html @@ -4,13 +4,13 @@ Configuration | Fleet - - + +
    -
    Version: 0.6

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-crds.html b/0.6/ref-crds.html index 877115c89..2660a37c4 100644 --- a/0.6/ref-crds.html +++ b/0.6/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources Spec | Fleet - - + +
    -
    Version: 0.6

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[][ResourcePerClusterState](#resourceperclusterstate)false

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[][GitTarget](#gittarget)false
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[][GitRepoResource](#gitreporesource)false
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[][BundleResource](#bundleresource)false
    targetsTargets refer to the clusters which will be deployed to.[][BundleTarget](#bundletarget)false
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[][BundleTargetRestriction](#bundletargetrestriction)false
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[][BundleRef](#bundleref)false

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[][PartitionStatus](#partitionstatus)false
    displayBundleDisplayfalse
    resourceKey[][ResourceKey](#resourcekey)false
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[][NonReadyResource](#nonreadyresource)false

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[][Operation](#operation)false
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[][ComparePatch](#comparepatch)false

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[][ValuesFrom](#valuesfrom)false
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[][ModifiedStatus](#modifiedstatus)false
    nonReadyStatus[][NonReadyStatus](#nonreadystatus)false

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[][Partition](#partition)false

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-fleet-yaml.html b/0.6/ref-fleet-yaml.html index 1883c9fca..d124e13e5 100644 --- a/0.6/ref-fleet-yaml.html +++ b/0.6/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - - + +
    -
    Version: 0.6

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. However, the `uuidv4` function is not supported.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a 
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. However, the `uuidv4` function is not supported.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default 
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true
      
    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector: 
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.    
      clusterName: dev-cluster    
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-gitrepo.html b/0.6/ref-gitrepo.html index 19c9c5a5e..2c7ee7429 100644 --- a/0.6/ref-gitrepo.html +++ b/0.6/ref-gitrepo.html @@ -4,14 +4,14 @@ GitRepo Resource | Fleet - - + +
    -
    Version: 0.6

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. -For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      # 
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. 
      # Credentials will always be used if it is empty or not provided
      # 
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-registration.html b/0.6/ref-registration.html index 5afc5a16c..d8fc33d9f 100644 --- a/0.6/ref-registration.html +++ b/0.6/ref-registration.html @@ -4,14 +4,14 @@ Cluster Registration Internals | Fleet - - + +
    -
    Version: 0.6

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.6

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/ref-resources.html b/0.6/ref-resources.html index 055575716..39304ae56 100644 --- a/0.6/ref-resources.html +++ b/0.6/ref-resources.html @@ -4,13 +4,13 @@ Custom Resources | Fleet - - + +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/troubleshooting.html b/0.6/troubleshooting.html index bb21d3cd6..dd7132406 100644 --- a/0.6/troubleshooting.html +++ b/0.6/troubleshooting.html @@ -4,15 +4,15 @@ Troubleshooting | Fleet - - + +
    -
    Version: 0.6

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: +

    Version: 0.6

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name> 
    helm:  
      releaseName: <release name>  
      repo: <repo name> 
      chart: <chart name>
    diff:  
      comparePatches:  
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. -It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/tut-deployment.html b/0.6/tut-deployment.html index 2c84643b9..a60bdf4c1 100644 --- a/0.6/tut-deployment.html +++ b/0.6/tut-deployment.html @@ -4,17 +4,17 @@ Creating a Deployment | Fleet - - + +
    -
    Version: 0.6

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. +

    Version: 0.6

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +The application will be customized as follows per environment:

    • Dev clusters: Only the redis leader is deployed and not the followers.
    • Test clusters: Scale the front deployment to 3
    • Prod clusters: Scale the front deployment to 3 and set the service type to LoadBalancer

    The fleet.yaml is used to control which 'yaml' overlays are used, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-manifest-example
    targetCustomizations:
    - name: dev
      clusterSelector:
        matchLabels:
          env: dev
      yaml:
        overlays:
        # Refers to overlays/noreplication folder
        - noreplication

    - name: test
      clusterSelector:
        matchLabels:
          env: test
      yaml:
        overlays:
        # Refers to overlays/scale3 folder
        - scale3

    - name: prod
      clusterSelector:
        matchLabels:
          env: prod
      yaml:
        # Refers to overlays/servicelb, scale3 folders
        overlays:
        - servicelb
        - scale3

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: manifests
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/manifests
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod
    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/uninstall.html b/0.6/uninstall.html index 5fa8e3bc0..b1dc58a6e 100644 --- a/0.6/uninstall.html +++ b/0.6/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - - + +
    -
    Version: 0.6

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +

    Version: 0.6

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.6/webhook.html b/0.6/webhook.html index e77513067..e844278cc 100644 --- a/0.6/webhook.html +++ b/0.6/webhook.html @@ -4,16 +4,16 @@ Using Webhooks Instead of Polling | Fleet - - + +
    -
    Version: 0.6

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, +

    Version: 0.6

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7.html b/0.7.html index 98e88dc7e..bf4457f91 100644 --- a/0.7.html +++ b/0.7.html @@ -4,13 +4,13 @@ Overview | Fleet - - + +
    -
    Version: 0.7

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/architecture.html b/0.7/architecture.html index 2856dfe8e..523149792 100644 --- a/0.7/architecture.html +++ b/0.7/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
    -
    Version: 0.7

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +

    Version: 0.7

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/bundle-add.html b/0.7/bundle-add.html index 3e16d462d..c1a299ef4 100644 --- a/0.7/bundle-add.html +++ b/0.7/bundle-add.html @@ -4,19 +4,19 @@ Create a Bundle Resource | Fleet - - + +
    -
    Version: 0.7

    Create a Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created +

    Version: 0.7

    Create a Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created manually by the user. If you want to deploy resources from a git repository use a GitRepo instead.

    If you want to deploy resources without a git repository follow this guide to create a Bundle.

    When creating a GitRepo Fleet will fetch the resources from a git repository, and add them to a Bundle. When creating a Bundle resources need to be explicitly specified in the Bundle Spec. Resources can be compressed with gz. See here an example of how Rancher uses compression in go code.

    If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in GitRepo. -See Mapping to Downstream Clusters.

    The following example creates a nginx Deployment in the local cluster:

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      resources:
      # List of all resources that will be deployed
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml
      targets:
      - clusterName: local

    Limitations​

    Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:

    • spec.helm.repo
    • spec.helm.charts

    You can't use a fleet.yaml in resources, it is only used by the fleet-cli to create bundles.

    The spec.targetRestrictions field is not useful, as it is an allow list for targets specified in spec.targets. It is not needed, since targets are explicitly given in a bundle and an empty targetRestrictions defaults to allow.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +See Mapping to Downstream Clusters.

    The following example creates a nginx Deployment in the local cluster:

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      resources:
      # List of all resources that will be deployed
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml
      targets:
      - clusterName: local

    Limitations​

    Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:

    • spec.helm.repo
    • spec.helm.charts

    You can't use a fleet.yaml in resources, it is only used by the fleet-cli to create bundles.

    The spec.targetRestrictions field is not useful, as it is an allow list for targets specified in spec.targets. It is not needed, since targets are explicitly given in a bundle and an empty targetRestrictions defaults to allow.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/bundle-diffs.html b/0.7/bundle-diffs.html index 40ccd5653..7fb592dd6 100644 --- a/0.7/bundle-diffs.html +++ b/0.7/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs to Ignore Modified GitRepos | Fleet - - + +
    -
    Version: 0.7

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    https://github.com/rancher/fleet-examples/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cli/fleet-agent.html b/0.7/cli/fleet-agent.html index 9607f4770..dd6effd8f 100644 --- a/0.7/cli/fleet-agent.html +++ b/0.7/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cli/fleet-cli/fleet.html b/0.7/cli/fleet-cli/fleet.html index 9acd1f33a..8d392c3a5 100644 --- a/0.7/cli/fleet-cli/fleet.html +++ b/0.7/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.7

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cli/fleet-cli/fleet_apply.html b/0.7/cli/fleet-cli/fleet_apply.html index 5c89db0a2..dc53885d3 100644 --- a/0.7/cli/fleet-cli/fleet_apply.html +++ b/0.7/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.7

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cli/fleet-cli/fleet_test.html b/0.7/cli/fleet-cli/fleet_test.html index f752953a0..76e929ae5 100644 --- a/0.7/cli/fleet-cli/fleet_test.html +++ b/0.7/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.7

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cli/fleet-controller/fleet-manager.html b/0.7/cli/fleet-controller/fleet-manager.html index d654fcf0e..06d2c8289 100644 --- a/0.7/cli/fleet-controller/fleet-manager.html +++ b/0.7/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cluster-bundles-state.html b/0.7/cluster-bundles-state.html index 585ae9c9e..9f05eff57 100644 --- a/0.7/cluster-bundles-state.html +++ b/0.7/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - - + +
    -
    Version: 0.7

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Skip to main content
    Version: 0.7

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cluster-group.html b/0.7/cluster-group.html index b59ee2ec2..1fe79406d 100644 --- a/0.7/cluster-group.html +++ b/0.7/cluster-group.html @@ -4,17 +4,17 @@ Create Cluster Groups | Fleet - - + +
    -
    Version: 0.7

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +

    Version: 0.7

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/cluster-registration.html b/0.7/cluster-registration.html index e17bccf8a..43ae0f7d4 100644 --- a/0.7/cluster-registration.html +++ b/0.7/cluster-registration.html @@ -4,12 +4,12 @@ Register Downstream Clusters | Fleet - - + +
    -
    Version: 0.7

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred +

    Version: 0.7

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred to as agent-initiated and manager-initiated registration. Typically one would go with the agent-initiated registration but there are specific use cases in which manager-initiated is a better workflow.

    Agent-Initiated Registration​

    Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a @@ -75,8 +75,8 @@ above example one can run the following one-liner:

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. -This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/concepts.html b/0.7/concepts.html index 927490e17..ef1d8e3ad 100644 --- a/0.7/concepts.html +++ b/0.7/concepts.html @@ -4,12 +4,12 @@ Core Concepts | Fleet - - + +
    -
    Version: 0.7

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +

    Version: 0.7

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

    info

    For more on the naming conventions of CRDs, click here.

    Below are some of the concepts of Fleet that will be useful throughout this documentation:

    • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
    • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

      • To see the life cycle of a bundle, click here.

    • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

      • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

    • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    • Cluster Registration Token: Tokens used by agents to register a new cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/gitrepo-add.html b/0.7/gitrepo-add.html index 24aae033a..0c6c1debd 100644 --- a/0.7/gitrepo-add.html +++ b/0.7/gitrepo-add.html @@ -4,19 +4,19 @@ Create a GitRepo Resource | Fleet - - + +
    -
    Version: 0.7

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer +

    Version: 0.7

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer to the creating a deployment tutorial for examples.

    Git Repository Contents has detail about the content of the Git repository.

    The available fields of the GitRepo custom resource are documented in the GitRepo resource reference

    Proper Namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Use different helm credentials for each path, or split them into different gitrepos, or use helmRepoURLRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Use different helm credentials for each path​

    info

    gitRepo.spec.helmSecretName will be ignored if gitRepo.spec.helmSecretNameForPaths is provided

    Create a file secrets-path.yaml that contains credentials for each path defined in a GitRepo. Credentials will not be used for paths that are not present in this file. The path is the actual path to the bundle (ie to a folder containing a fleet.yaml file) within the git repository, which might have more segments than the entry under paths:.

    Example:

    path-one: # path path-one must exist in the repository
      username: user
      password: pass
    path-two:  # path path-one must exist in the repository
      username: user2
      password: pass2
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
      sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K

    Create the secret

    kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml

    In the previous example credentials for username user will be used for the path path-one and credentials for username -user2 will be used for the path path-two.

    caBundle and sshPrivateKey must be base64 encoded.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +user2 will be used for the path path-two.

    caBundle and sshPrivateKey must be base64 encoded.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/gitrepo-content.html b/0.7/gitrepo-content.html index f88bc6d6d..df84d1de4 100644 --- a/0.7/gitrepo-content.html +++ b/0.7/gitrepo-content.html @@ -4,12 +4,12 @@ Git Repository Contents | Fleet - - + +
    -
    Version: 0.7

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +

    Version: 0.7

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important to realize the scanned resources will be saved as a resource in Kubernetes so @@ -43,8 +43,8 @@ the contents of a file the convention of adding _patch. (notice the will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/gitrepo-targets.html b/0.7/gitrepo-targets.html index a670c514e..7928383b1 100644 --- a/0.7/gitrepo-targets.html +++ b/0.7/gitrepo-targets.html @@ -4,12 +4,12 @@ Mapping to Downstream Clusters | Fleet - - + +
    -
    Version: 0.7

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: +

    Version: 0.7

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: This approach only applies if you are running Fleet in a multi-cluster style If no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining Targets​

    The deployment targets of GitRepo is done using the spec.targets field to match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1
        # A specific cluster by name that will be selected
        clusterName: cluster1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. @@ -23,8 +23,8 @@ and add clusters to it.

    this issue for more details.

  • Helm.WaitForJobs

  • Kustomize.Dir

  • YAML.Overlays

  • Diff.ComparePatches

    • Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/imagescan.html b/0.7/imagescan.html index a294f0403..0913a4623 100644 --- a/0.7/imagescan.html +++ b/0.7/imagescan.html @@ -4,15 +4,15 @@ Using Image Scan to Update Container Image References | Fleet - - + +
    -
    Version: 0.7

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +

    Version: 0.7

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order
    - policy:
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver:
          range: "*"
        # can use ascending or descending order
        alphabetical:
          order: asc

      # specify images to scan
      image: "your.registry.com/repo/image"

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/installation.html b/0.7/installation.html index 8341ff274..f3cef199b 100644 --- a/0.7/installation.html +++ b/0.7/installation.html @@ -4,12 +4,12 @@ Installation Details | Fleet - - + +
    -
    Version: 0.7

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. +

    Version: 0.7

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting @@ -37,8 +37,8 @@ the ca.pem is not correct. The contents of the $API_SERVER_CA and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First add Fleet's Helm repository.
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Second install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd

    Third install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/multi-user.html b/0.7/multi-user.html index a4190444f..81910e828 100644 --- a/0.7/multi-user.html +++ b/0.7/multi-user.html @@ -4,12 +4,12 @@ Setup Multi User | Fleet - - + +
    -
    Version: 0.7

    Setup Multi User

    Fleet uses Kubernetes RBAC where possible.

    One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

    A multi-user fleet setup looks like this:

    • tenants don't share namespaces, each tenant has one or more namespaces on the +
      Version: 0.7

      Setup Multi User

      Fleet uses Kubernetes RBAC where possible.

      One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

      A multi-user fleet setup looks like this:

      • tenants don't share namespaces, each tenant has one or more namespaces on the upstream cluster, where they can create GitRepo resources
      • tenants can't deploy cluster wide resources and are limited to a set of namespaces on downstream clusters
      • clusters are in a separate namespace

      Shared Clusters

      important information

      The isolation of tenants is not complete and relies on Kubernetes RBAC to be set up correctly. Without manual setup from an operator tenants can still @@ -17,8 +17,8 @@ deploy cluster wide resources. Even with the available Fleet restrictions, users are only restricted to namespaces, but namespaces don't provide much isolation on their own. E.g. they can still consume as many resources as they like.

      However, the existing Fleet restrictions allow users to share clusters, and -deploy resources without conflicts.

      Example User​

      This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

      kubectl create serviceaccount fleetuser
      kubectl create namespace project1
      kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

      If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

      kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
      kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

      This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

      Allow Access to Clusters​

      This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

      In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

      kind: BundleNamespaceMapping
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: mapping
        namespace: project1

      # Bundles to match by label.
      # The labels are defined in the fleet.yaml # labels field or from the
      # GitRepo metadata.labels field
      bundleSelector:
        matchLabels:
          team: one
          # or target one repo
          #fleet.cattle.io/repo-name: simpleapp

      # Namespaces, containing clusters, to match by label
      namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: fleet-default
          # the label is on the namespace
          #workspace: prod

      The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

      Restricting Access to Downstream Clusters​

      Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

      kind: GitRepoRestriction
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: restriction
        namespace: project1

      allowedTargetNamespaces:
        - project1simpleapp

      This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

      An Example GitRepo Resource​

      A GitRepo resource created by a tenant, without admin access could look like this:

      kind: GitRepo
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: simpleapp
        namespace: project1
        labels:
          team: one

      spec:
        repo: https://github.com/rancher/fleet-examples
        paths:
        - bundle-diffs

        targetNamespace: project1simpleapp

        # do not match the upstream/local cluster, won't work
        targets:
        - name: dev
          clusterSelector:
            matchLabels:
              env: dev

      This includes the team: one label and and the required targetNamespace.

      Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

      note

      BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

      Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/namespaces.html b/0.7/namespaces.html index 207c10602..08ca7a4cd 100644 --- a/0.7/namespaces.html +++ b/0.7/namespaces.html @@ -4,12 +4,12 @@ Namespaces | Fleet - - + +
    -
    Version: 0.7

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +

    Version: 0.7

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/quickstart.html b/0.7/quickstart.html index 18b67c5c8..9643cf27a 100644 --- a/0.7/quickstart.html +++ b/0.7/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - - + +
    -
    Version: 0.7

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is +

    Version: 0.7

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is fairly straightforward. To install the Helm 3 CLI follow the official install instructions.

    Fleet in Rancher

    Rancher has separate helm charts for Fleet and uses a different repository.

    brew install helm
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \
        fleet/fleet-crd
    helm -n cattle-fleet-system install --create-namespace --wait fleet \
        fleet/fleet

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-bundle-stages.html b/0.7/ref-bundle-stages.html index 8fbb9b3c6..a8cd93dd9 100644 --- a/0.7/ref-bundle-stages.html +++ b/0.7/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Lifecycle | Fleet - - + +
    -
    Version: 0.7

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-bundle.html b/0.7/ref-bundle.html index 6c606046d..22e9789a0 100644 --- a/0.7/ref-bundle.html +++ b/0.7/ref-bundle.html @@ -4,14 +4,14 @@ Bundle Resource | Fleet - - + +
    -
    Version: 0.7

    Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created.

    The content of the resource corresponds to the BundleSpec. -For more information on how to use the Bundle resource Create a Bundle Resource.

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # Namespace used for resources that do not specify a namespace.
      # This field is not used to enforce or lock down the deployment to a specific namespace.
      # defaultNamespace: test

      # If present will assign all resource to this
      # namespace and if any cluster scoped resource exists the deployment will fail.
      # targetNamespace: app

      # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.
      # kustomize: ...

      # Helm options for the deployment, like the chart name, repo and values.
      # helm: ...

      # ServiceAccount which will be used to perform this deployment.
      # serviceAccount: sa

      # ForceSyncGeneration is used to force a redeployment.
      # forceSyncGeneration: 0

      # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.
      # yaml: ...

      # Diff can be used to ignore the modified state of objects which are amended at runtime.
      # A specific commit or tag can also be watched.
      #
      # diff: ...

      # KeepResources can be used to keep the deployed resources when removing the bundle.
      # keepResources: false

      # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.
      # paused: false

      # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.
      # rolloutStrategy: ...

      # Contain the actual resources from the git repo which will be deployed.
      resources:
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

      # This field is used by Fleet internally, and it should not be modified manually.
      # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.
      # targetRestrictions: ...

      # Refers to the bundles which must be ready before this bundle can be deployed.
      # dependsOn: ...

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created.

    The content of the resource corresponds to the BundleSpec. +For more information on how to use the Bundle resource Create a Bundle Resource.

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # Namespace used for resources that do not specify a namespace.
      # This field is not used to enforce or lock down the deployment to a specific namespace.
      # defaultNamespace: test

      # If present will assign all resource to this
      # namespace and if any cluster scoped resource exists the deployment will fail.
      # targetNamespace: app

      # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.
      # kustomize: ...

      # Helm options for the deployment, like the chart name, repo and values.
      # helm: ...

      # ServiceAccount which will be used to perform this deployment.
      # serviceAccount: sa

      # ForceSyncGeneration is used to force a redeployment.
      # forceSyncGeneration: 0

      # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.
      # yaml: ...

      # Diff can be used to ignore the modified state of objects which are amended at runtime.
      # A specific commit or tag can also be watched.
      #
      # diff: ...

      # KeepResources can be used to keep the deployed resources when removing the bundle.
      # keepResources: false

      # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.
      # paused: false

      # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.
      # rolloutStrategy: ...

      # Contain the actual resources from the git repo which will be deployed.
      resources:
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

      # This field is used by Fleet internally, and it should not be modified manually.
      # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.
      # targetRestrictions: ...

      # Refers to the bundles which must be ready before this bundle can be deployed.
      # dependsOn: ...

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-configuration.html b/0.7/ref-configuration.html index f1f0832a5..0b9adfd82 100644 --- a/0.7/ref-configuration.html +++ b/0.7/ref-configuration.html @@ -4,16 +4,16 @@ Configuration | Fleet - - + +
    -
    Version: 0.7

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account

    Fleet agent configuration​

    Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a +

    Version: 0.7

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account

    Fleet agent configuration​

    Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a Cluster, see Registering Downstream Cluster for more info on how to create Clusters. Default configuration will be used if these fields are not provided.

    If you change the resources limits, make sure the limits allow the fleet-agent to work normally.

    Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults. -Agents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Agents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-crds.html b/0.7/ref-crds.html index a0fc6a74d..b971dca87 100644 --- a/0.7/ref-crds.html +++ b/0.7/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources Spec | Fleet - - + +
    -
    Version: 0.7

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[]ResourcePerClusterStatefalse

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[]GitTargetfalse
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[]GitRepoResourcefalse
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[]BundleReffalse

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[]NonReadyStatusfalse
    modifiedStatus[]ModifiedStatusfalse
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[]BundleResourcefalse
    targetsTargets refer to the clusters which will be deployed to.[]BundleTargetfalse
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[]BundleTargetRestrictionfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
    ignoreIgnore refers to the fields that will not be considered when monitoring the status.IgnoreOptionsfalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[]PartitionStatusfalse
    displayBundleDisplayfalse
    resourceKey[]ResourceKeyfalse
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[]NonReadyResourcefalse

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[]Operationfalse
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[]ComparePatchfalse

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[]ModifiedStatusfalse
    nonReadyStatus[]NonReadyStatusfalse

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[]Partitionfalse

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    IgnoreOptions​

    FieldDescriptionSchemeRequired
    conditionsconditions to be ignored[]map[string]stringfalse

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    agentAffinityHashstringfalse
    agentResourcesHashstringfalse
    agentTolerationsHashstringfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    Custom Resources Spec

    Sub Resources

    GitRepo​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsstringfalse
    statestringfalse
    messagestringfalse
    errorboolfalse

    Back to Custom Resources

    GitRepoResource​

    FieldDescriptionSchemeRequired
    apiVersionstringfalse
    kindstringfalse
    typestringfalse
    idstringfalse
    namespacestringfalse
    namestringfalse
    incompleteStateboolfalse
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    perClusterState[]ResourcePerClusterStatefalse

    Back to Custom Resources

    GitRepoResourceCounts​

    FieldDescriptionSchemeRequired
    readyinttrue
    desiredReadyinttrue
    waitAppliedinttrue
    modifiedinttrue
    orphanedinttrue
    missinginttrue
    unknowninttrue
    notReadyinttrue

    Back to Custom Resources

    GitRepoRestriction​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountstringfalse
    allowedServiceAccounts[]stringfalse
    allowedRepoPatterns[]stringfalse
    defaultClientSecretNamestringfalse
    allowedClientSecretNames[]stringfalse
    allowedTargetNamespaces[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and indexstringfalse
    branchBranch The git branch to followstringfalse
    revisionRevision A specific commit or tag to operate onstringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demandstringfalse
    clientSecretNameClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for private helm repositorystringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not providedstringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default[]stringfalse
    pausedPaused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSyncboolfalse
    serviceAccountServiceAccount used in the downstream cluster for deploymentstringfalse
    targetsTargets is a list of target this repo will deploy to[]GitTargetfalse
    pollingIntervalPollingInterval is how often to check git for new updates*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Gitint64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when new image is scanned and write back to git repoCommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepoboolfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationint64true
    commitstringfalse
    readyClustersinttrue
    desiredReadyClustersinttrue
    gitJobStatusstringfalse
    summaryBundleSummaryfalse
    displayGitRepoDisplayfalse
    conditions[]genericcondition.GenericConditionfalse
    resources[]GitRepoResourcefalse
    resourceCountsGitRepoResourceCountsfalse
    resourceErrors[]stringfalse
    lastSyncedImageScanTimemetav1.Timefalse

    Back to Custom Resources

    GitTarget​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    FieldDescriptionSchemeRequired
    statestringfalse
    errorboolfalse
    transitioningboolfalse
    messagestringfalse
    patch*GenericMapfalse
    clusterIdstringfalse

    Back to Custom Resources

    Bundle​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    stagedOptionsBundleDeploymentOptionsfalse
    stagedDeploymentIDstringfalse
    optionsBundleDeploymentOptionsfalse
    deploymentIDstringfalse
    dependsOn[]BundleReffalse

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[]NonReadyStatusfalse
    modifiedStatus[]ModifiedStatusfalse
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false

    Back to Custom Resources

    BundleDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    statestringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    namestringfalse
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    contentstringfalse
    encodingstringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contain the actual resources from the git repo which will be deployed.[]BundleResourcefalse
    targetsTargets refer to the clusters which will be deployed to.[]BundleTargetfalse
    targetRestrictionsTargetRestrictions restrict which clusters the bundle will be deployed to.[]BundleTargetRestrictionfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
    ignoreIgnore refers to the fields that will not be considered when monitoring the status.IgnoreOptionsfalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    newlyCreatedintfalse
    unavailableinttrue
    unavailablePartitionsinttrue
    maxUnavailableinttrue
    maxUnavailablePartitionsinttrue
    maxNewintfalse
    partitions[]PartitionStatusfalse
    displayBundleDisplayfalse
    resourceKey[]ResourceKeyfalse
    observedGenerationint64true

    Back to Custom Resources

    BundleSummary​

    FieldDescriptionSchemeRequired
    notReadyintfalse
    waitAppliedintfalse
    errAppliedintfalse
    outOfSyncintfalse
    modifiedintfalse
    readyinttrue
    pendingintfalse
    desiredReadyinttrue
    nonReadyResources[]NonReadyResourcefalse

    Back to Custom Resources

    BundleTarget​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleTargetRestriction​

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    operations[]Operationfalse
    jsonPointers[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    content[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatches[]ComparePatchfalse

    Back to Custom Resources

    HelmOptions​

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    KustomizeOptions​

    FieldDescriptionSchemeRequired
    dirstringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    namestringtrue

    Back to Custom Resources

    ModifiedStatus​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    FieldDescriptionSchemeRequired
    namestringfalse
    bundleStateBundleStatefalse
    messagestringfalse
    modifiedStatus[]ModifiedStatusfalse
    nonReadyStatus[]NonReadyStatusfalse

    Back to Custom Resources

    NonReadyStatus​

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    FieldDescriptionSchemeRequired
    opstringfalse
    pathstringfalse
    valuestringfalse

    Back to Custom Resources

    Partition​

    FieldDescriptionSchemeRequired
    namestringfalse
    maxUnavailable*intstr.IntOrStringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    FieldDescriptionSchemeRequired
    namestringfalse
    countintfalse
    maxUnavailableintfalse
    unavailableintfalse
    summaryBundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse

    Back to Custom Resources

    RolloutStrategy​

    FieldDescriptionSchemeRequired
    maxUnavailable*intstr.IntOrStringfalse
    maxUnavailablePartitions*intstr.IntOrStringfalse
    autoPartitionSize*intstr.IntOrStringfalse
    partitions[]Partitionfalse

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    FieldDescriptionSchemeRequired
    overlays[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenmetav1.Timetrue
    namespacestringtrue
    nonReadyNodesinttrue
    readyNodesinttrue
    nonReadyNodeNamesAt most 3 nodes[]stringtrue
    readyNodeNamesAt most 3 nodes[]stringtrue

    Back to Custom Resources

    IgnoreOptions​

    FieldDescriptionSchemeRequired
    conditionsconditions to be ignored[]map[string]stringfalse

    Cluster​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesstringfalse
    readyNodesstringfalse
    sampleNodestringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroup​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersstringfalse
    readyBundlesstringfalse
    statestringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountinttrue
    nonReadyClusterCountinttrue
    nonReadyClusters[]stringfalse
    conditions[]genericcondition.GenericConditionfalse
    summaryBundleSummaryfalse
    displayClusterGroupDisplayfalse
    resourceCountsGitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDstringfalse
    clientRandomstringfalse
    clusterLabelsmap[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNamestringfalse
    grantedboolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttl*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expires*metav1.Timefalse
    secretNamestringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summaryBundleSummaryfalse
    resourceCountsGitRepoResourceCountsfalse
    readyGitReposinttrue
    desiredReadyGitReposinttrue
    agentEnvVarsHashstringfalse
    agentPrivateRepoURLstringfalse
    agentDeployedGeneration*int64false
    agentMigratedboolfalse
    agentNamespaceMigratedboolfalse
    cattleNamespaceMigratedboolfalse
    agentAffinityHashstringfalse
    agentResourcesHashstringfalse
    agentTolerationsHashstringfalse
    displayClusterDisplayfalse
    agentAgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-fleet-yaml.html b/0.7/ref-fleet-yaml.html index 122a3b861..a136a6c7a 100644 --- a/0.7/ref-fleet-yaml.html +++ b/0.7/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - - + +
    -
    Version: 0.7

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to the struct at pkg/bundlereader/read.go, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true

    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector:
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.
      clusterName: dev-cluster
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to the struct at pkg/bundlereader/read.go, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # Optional map of labels, that are set at the bundle and can be used in a
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true

    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector:
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name.
      clusterName: dev-cluster
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-gitrepo.html b/0.7/ref-gitrepo.html index 85dd8857a..3f8d1d88e 100644 --- a/0.7/ref-gitrepo.html +++ b/0.7/ref-gitrepo.html @@ -4,14 +4,14 @@ GitRepo Resource | Fleet - - + +
    -
    Version: 0.7

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. -For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
      # Credentials will always be used if it is empty or not provided
      #
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      # If empty, the "default" cluster group is used.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
      # Credentials will always be used if it is empty or not provided
      #
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      # If empty, the "default" cluster group is used.
      #
      # targets: ...
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-registration.html b/0.7/ref-registration.html index 5388c518b..6f5e42d11 100644 --- a/0.7/ref-registration.html +++ b/0.7/ref-registration.html @@ -4,14 +4,14 @@ Cluster Registration Internals | Fleet - - + +
    -
    Version: 0.7

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.7

    Cluster Registration Internals

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/ref-resources.html b/0.7/ref-resources.html index e088e392c..010757f82 100644 --- a/0.7/ref-resources.html +++ b/0.7/ref-resources.html @@ -4,13 +4,13 @@ Custom Resources | Fleet - - + +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/troubleshooting.html b/0.7/troubleshooting.html index 84f09cce5..35b4fe414 100644 --- a/0.7/troubleshooting.html +++ b/0.7/troubleshooting.html @@ -4,16 +4,16 @@ Troubleshooting | Fleet - - + +
    -
    Version: 0.7

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Fetch detailed status from GitRepos and Bundles?​

    For debugging and bug reports the raw JSON of the resources status fields is most useful. +

    Version: 0.7

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Fetch detailed status from GitRepos and Bundles?​

    For debugging and bug reports the raw JSON of the resources status fields is most useful. This can be accessed in the Rancher UI, or through kubectl:

    kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}
    kubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name>
    helm:
      releaseName: <release name>
      repo: <repo name>
      chart: <chart name>
    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. -It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/tut-deployment.html b/0.7/tut-deployment.html index c82ff93e1..3bbab6680 100644 --- a/0.7/tut-deployment.html +++ b/0.7/tut-deployment.html @@ -4,17 +4,17 @@ Creating a Deployment | Fleet - - + +
    -
    Version: 0.7

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. +

    Version: 0.7

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +The application will be customized as follows per environment:

    • Dev clusters: Only the redis leader is deployed and not the followers.
    • Test clusters: Scale the front deployment to 3
    • Prod clusters: Scale the front deployment to 3 and set the service type to LoadBalancer

    The fleet.yaml is used to control which 'yaml' overlays are used, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-manifest-example
    targetCustomizations:
    - name: dev
      clusterSelector:
        matchLabels:
          env: dev
      yaml:
        overlays:
        # Refers to overlays/noreplication folder
        - noreplication

    - name: test
      clusterSelector:
        matchLabels:
          env: test
      yaml:
        overlays:
        # Refers to overlays/scale3 folder
        - scale3

    - name: prod
      clusterSelector:
        matchLabels:
          env: prod
      yaml:
        # Refers to overlays/servicelb, scale3 folders
        overlays:
        - servicelb
        - scale3

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: manifests
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/manifests
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod
    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/uninstall.html b/0.7/uninstall.html index 9c3d9c87d..1c0912cdd 100644 --- a/0.7/uninstall.html +++ b/0.7/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - - + +
    -
    Version: 0.7

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.7/webhook.html b/0.7/webhook.html index 4e282b775..0b56eaa22 100644 --- a/0.7/webhook.html +++ b/0.7/webhook.html @@ -4,16 +4,16 @@ Using Webhooks Instead of Polling | Fleet - - + +
    -
    Version: 0.7

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, +

    Version: 0.7

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8.html b/0.8.html index 2ad06a21f..825b63701 100644 --- a/0.8.html +++ b/0.8.html @@ -4,13 +4,13 @@ Overview | Fleet - - + +
    -
    Version: 0.8

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/architecture.html b/0.8/architecture.html index 7afe079f8..b7a9542f6 100644 --- a/0.8/architecture.html +++ b/0.8/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
    -
    Version: 0.8

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +

    Version: 0.8

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/bundle-add.html b/0.8/bundle-add.html index d6d862b13..d93e5a36b 100644 --- a/0.8/bundle-add.html +++ b/0.8/bundle-add.html @@ -4,19 +4,19 @@ Create a Bundle Resource | Fleet - - + +
    -
    Version: 0.8

    Create a Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created +

    Version: 0.8

    Create a Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created manually by the user. If you want to deploy resources from a git repository use a GitRepo instead.

    If you want to deploy resources without a git repository follow this guide to create a Bundle.

    When creating a GitRepo Fleet will fetch the resources from a git repository, and add them to a Bundle. When creating a Bundle resources need to be explicitly specified in the Bundle Spec. Resources can be compressed with gz. See here an example of how Rancher uses compression in go code.

    If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in GitRepo. -See Mapping to Downstream Clusters.

    The following example creates a nginx Deployment in the local cluster:

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      resources:
      # List of all resources that will be deployed
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml
      targets:
      - clusterName: local

    Limitations​

    Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:

    • spec.helm.repo
    • spec.helm.charts

    You can't use a fleet.yaml in resources, it is only used by the fleet-cli to create bundles.

    The spec.targetRestrictions field is not useful, as it is an allow list for targets specified in spec.targets. It is not needed, since targets are explicitly given in a bundle and an empty targetRestrictions defaults to allow.

    Convert a Helm Chart into a Bundle​

    You can use the Fleet CLI to convert a Helm chart into a bundle.

    For example, you can download and convert the "external secrets" operator chart like this:

    cat > targets.yaml <<EOF
    targets:
    - clusterSelector: {}
    EOF

    mkdir app
    cat > app/fleet.yaml <<EOF
    defaultNamespace: external-secrets
    helm:
      repo: https://charts.external-secrets.io
      chart: external-secrets
    EOF

    fleet apply --compress --targets-file=targets.yaml -n fleet-default -o - external-secrets app > eso-bundle.yaml

    kubectl apply -f eso-bundle.yaml

    Make sure you use a cluster selector in targets.yaml, that matches all clusters you want to deploy to.

    The blog post on Fleet: Multi-Cluster Deployment with the Help of External Secrets has more information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +See Mapping to Downstream Clusters.

    The following example creates a nginx Deployment in the local cluster:

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      resources:
      # List of all resources that will be deployed
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml
      targets:
      - clusterName: local

    Limitations​

    Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:

    • spec.helm.repo
    • spec.helm.charts

    You can't use a fleet.yaml in resources, it is only used by the fleet-cli to create bundles.

    The spec.targetRestrictions field is not useful, as it is an allow list for targets specified in spec.targets. It is not needed, since targets are explicitly given in a bundle and an empty targetRestrictions defaults to allow.

    Convert a Helm Chart into a Bundle​

    You can use the Fleet CLI to convert a Helm chart into a bundle.

    For example, you can download and convert the "external secrets" operator chart like this:

    cat > targets.yaml <<EOF
    targets:
    - clusterSelector: {}
    EOF

    mkdir app
    cat > app/fleet.yaml <<EOF
    defaultNamespace: external-secrets
    helm:
      repo: https://charts.external-secrets.io
      chart: external-secrets
    EOF

    fleet apply --compress --targets-file=targets.yaml -n fleet-default -o - external-secrets app > eso-bundle.yaml

    kubectl apply -f eso-bundle.yaml

    Make sure you use a cluster selector in targets.yaml, that matches all clusters you want to deploy to.

    The blog post on Fleet: Multi-Cluster Deployment with the Help of External Secrets has more information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/bundle-diffs.html b/0.8/bundle-diffs.html index 3494a0d4b..aeb042bf0 100644 --- a/0.8/bundle-diffs.html +++ b/0.8/bundle-diffs.html @@ -4,14 +4,14 @@ Generating Diffs to Ignore Modified GitRepos | Fleet - - + +
    -
    Version: 0.8

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle -

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto.

    https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto.

    https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cli/fleet-agent.html b/0.8/cli/fleet-agent.html index 31248e64d..2672a57c3 100644 --- a/0.8/cli/fleet-agent.html +++ b/0.8/cli/fleet-agent.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.8

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
          --simulators int            Numbers of simulators to run
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cli/fleet-cli/fleet.html b/0.8/cli/fleet-cli/fleet.html index 7a357e746..8e4211f04 100644 --- a/0.8/cli/fleet-cli/fleet.html +++ b/0.8/cli/fleet-cli/fleet.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.8

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cli/fleet-cli/fleet_apply.html b/0.8/cli/fleet-cli/fleet_apply.html index 2225f95bf..4fdfc388d 100644 --- a/0.8/cli/fleet-cli/fleet_apply.html +++ b/0.8/cli/fleet-cli/fleet_apply.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.8

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string           Location of the raw Bundle resource yaml
          --cacerts-file string          Path of custom cacerts for helm repo
          --commit string                Commit to assign to the bundle
      -c, --compress                     Force all resources to be compress
          --debug                        Turn on debug logging
          --debug-level int              If debugging is enabled, set klog -v=X
      -f, --file string                  Location of the fleet.yaml
      -h, --help                         help for apply
      -l, --label strings                Labels to apply to created bundles
      -o, --output string                Output contents to file or - for stdout
          --password-file string         Path of file containing basic auth password for helm repo
          --paused                       Create bundles in a paused state
      -a, --service-account string       Service account to assign to bundle created
          --ssh-privatekey-file string   Path of ssh-private-key for helm repo
          --sync-generation int          Generation number used to force sync the deployment
          --target-namespace string      Ensure this bundle goes to this target namespace
          --targets-file string          Addition source of targets and restrictions to be append
          --username string              Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cli/fleet-cli/fleet_test.html b/0.8/cli/fleet-cli/fleet_test.html index d5f199e86..e02a344f5 100644 --- a/0.8/cli/fleet-cli/fleet_test.html +++ b/0.8/cli/fleet-cli/fleet_test.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.8

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cli/fleet-controller/fleet-manager.html b/0.8/cli/fleet-controller/fleet-manager.html index 783190ea9..8d38ce50e 100644 --- a/0.8/cli/fleet-controller/fleet-manager.html +++ b/0.8/cli/fleet-controller/fleet-manager.html @@ -4,13 +4,13 @@ Fleet - - + +
    -
    Version: 0.8

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable agent on local cluster
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable agent on local cluster
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cluster-bundles-state.html b/0.8/cluster-bundles-state.html index f4a487a76..d0485b743 100644 --- a/0.8/cluster-bundles-state.html +++ b/0.8/cluster-bundles-state.html @@ -4,13 +4,13 @@ Cluster and Bundle State | Fleet - - + +
    -
    Version: 0.8

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cluster-group.html b/0.8/cluster-group.html index df540a852..0146f21c0 100644 --- a/0.8/cluster-group.html +++ b/0.8/cluster-group.html @@ -4,17 +4,17 @@ Create Cluster Groups | Fleet - - + +
    -
    Version: 0.8

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +

    Version: 0.8

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. The only parameter for a cluster group is essentially the selector. When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. Cluster groups serve the purpose of giving aggregated -status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/cluster-registration.html b/0.8/cluster-registration.html index a30f57e35..f61ed39c3 100644 --- a/0.8/cluster-registration.html +++ b/0.8/cluster-registration.html @@ -4,12 +4,12 @@ Register Downstream Clusters | Fleet - - + +
    -
    Version: 0.8

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred +

    Version: 0.8

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred to as agent-initiated and manager-initiated registration. Typically one would go with the agent-initiated registration but there are specific use cases in which manager-initiated is a better workflow.

    Agent-Initiated Registration​

    Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a @@ -75,8 +75,8 @@ above example one can run the following one-liner:

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig secret used in cluster-api. -This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/concepts.html b/0.8/concepts.html index dcdab6e7a..35e2d13c2 100644 --- a/0.8/concepts.html +++ b/0.8/concepts.html @@ -4,12 +4,12 @@ Core Concepts | Fleet - - + +
    -
    Version: 0.8

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +

    Version: 0.8

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

    info

    For more on the naming conventions of CRDs, click here.

    Below are some of the concepts of Fleet that will be useful throughout this documentation:

    • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
    • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, @@ -24,8 +24,8 @@ Regardless of the source the contents are dynamically rendered into a Helm chart and installed into the downstream cluster as a helm release.

      • To see the life cycle of a bundle, click here.

    • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for -the cluster the agent is managing.

      • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

    • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    • Cluster Registration Token: Tokens used by agents to register a new cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the cluster the agent is managing.

    • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

  • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

  • Cluster Registration Token: Tokens used by agents to register a new cluster.

    • Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/gitrepo-add.html b/0.8/gitrepo-add.html index dc9975791..dc941cb27 100644 --- a/0.8/gitrepo-add.html +++ b/0.8/gitrepo-add.html @@ -4,19 +4,19 @@ Create a GitRepo Resource | Fleet - - + +
    -
    Version: 0.8

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer +

    Version: 0.8

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer to the creating a deployment tutorial for examples.

    Git Repository Contents has detail about the content of the Git repository.

    The available fields of the GitRepo custom resource are documented in the GitRepo resource reference

    Proper Namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. Make sure you don't leak credentials by mixing public and private repositories. Use different helm credentials for each path, or split them into different gitrepos, or use helmRepoURLRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Use different helm credentials for each path​

    info

    gitRepo.spec.helmSecretName will be ignored if gitRepo.spec.helmSecretNameForPaths is provided

    Create a file secrets-path.yaml that contains credentials for each path defined in a GitRepo. Credentials will not be used for paths that are not present in this file. The path is the actual path to the bundle (ie to a folder containing a fleet.yaml file) within the git repository, which might have more segments than the entry under paths:.

    Example:

    path-one: # path path-one must exist in the repository
      username: user
      password: pass
    path-two:  # path path-one must exist in the repository
      username: user2
      password: pass2
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
      sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K

    Create the secret

    kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml

    In the previous example credentials for username user will be used for the path path-one and credentials for username -user2 will be used for the path path-two.

    caBundle and sshPrivateKey must be base64 encoded.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +user2 will be used for the path path-two.

    caBundle and sshPrivateKey must be base64 encoded.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/gitrepo-content.html b/0.8/gitrepo-content.html index c9b1294aa..465211caf 100644 --- a/0.8/gitrepo-content.html +++ b/0.8/gitrepo-content.html @@ -4,12 +4,12 @@ Git Repository Contents | Fleet - - + +
    -
    Version: 0.8

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +

    Version: 0.8

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important to realize the scanned resources will be saved as a resource in Kubernetes so @@ -51,8 +51,8 @@ the contents of a file the convention of adding _patch. (notice the will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written -using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/gitrepo-targets.html b/0.8/gitrepo-targets.html index 3658245a0..2355f7feb 100644 --- a/0.8/gitrepo-targets.html +++ b/0.8/gitrepo-targets.html @@ -4,12 +4,12 @@ Mapping to Downstream Clusters | Fleet - - + +
    -
    Version: 0.8

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: +

    Version: 0.8

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: This approach only applies if you are running Fleet in a multi-cluster style If no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining Targets​

    The deployment targets of GitRepo is done using the spec.targets field to match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1
        # A specific cluster by name that will be selected
        clusterName: cluster1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. @@ -23,8 +23,8 @@ and add clusters to it.

    this issue for more details.

  • Helm.WaitForJobs

  • Kustomize.Dir

  • YAML.Overlays

  • Diff.ComparePatches

    • Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations -of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/imagescan.html b/0.8/imagescan.html index 9bd3f7087..97ff2321d 100644 --- a/0.8/imagescan.html +++ b/0.8/imagescan.html @@ -4,15 +4,15 @@ Using Image Scan to Update Container Image References | Fleet - - + +
    -
    Version: 0.8

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +

    Version: 0.8

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order
    - policy:
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver:
          range: "*"
        # can use ascending or descending order
        alphabetical:
          order: asc

      # specify images to scan
      image: "your.registry.com/repo/image"

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. -Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/installation.html b/0.8/installation.html index 570120a28..31a59a441 100644 --- a/0.8/installation.html +++ b/0.8/installation.html @@ -4,12 +4,12 @@ Installation Details | Fleet - - + +
    -
    Version: 0.8

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. +

    Version: 0.8

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. The single cluster install is for if you wish to use GitOps to manage a single cluster, in which case you do not need a centralized manager cluster. In the multi-cluster use case you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting @@ -37,8 +37,8 @@ the ca.pem is not correct. The contents of the $API_SERVER_CA and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two Helm charts.

    First add Fleet's Helm repository.
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Second install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd

    Third install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet

    At this point the Fleet manager should be ready. You can now register clusters and git repos with -the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/multi-user.html b/0.8/multi-user.html index 6c7abc679..523b449b3 100644 --- a/0.8/multi-user.html +++ b/0.8/multi-user.html @@ -4,12 +4,12 @@ Setup Multi User | Fleet - - + +
    -
    Version: 0.8

    Setup Multi User

    Fleet uses Kubernetes RBAC where possible.

    One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

    A multi-user fleet setup looks like this:

    • tenants don't share namespaces, each tenant has one or more namespaces on the +
      Version: 0.8

      Setup Multi User

      Fleet uses Kubernetes RBAC where possible.

      One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

      A multi-user fleet setup looks like this:

      • tenants don't share namespaces, each tenant has one or more namespaces on the upstream cluster, where they can create GitRepo resources
      • tenants can't deploy cluster wide resources and are limited to a set of namespaces on downstream clusters
      • clusters are in a separate namespace

      Shared Clusters

      important information

      The isolation of tenants is not complete and relies on Kubernetes RBAC to be set up correctly. Without manual setup from an operator tenants can still @@ -17,8 +17,8 @@ deploy cluster wide resources. Even with the available Fleet restrictions, users are only restricted to namespaces, but namespaces don't provide much isolation on their own. E.g. they can still consume as many resources as they like.

      However, the existing Fleet restrictions allow users to share clusters, and -deploy resources without conflicts.

      Example User​

      This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

      kubectl create serviceaccount fleetuser
      kubectl create namespace project1
      kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

      If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

      kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
      kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
      kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

      This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

      Allow Access to Clusters​

      This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

      In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

      kind: BundleNamespaceMapping
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: mapping
        namespace: project1

      # Bundles to match by label.
      # The labels are defined in the fleet.yaml # labels field or from the
      # GitRepo metadata.labels field
      bundleSelector:
        matchLabels:
          team: one
          # or target one repo
          #fleet.cattle.io/repo-name: simpleapp

      # Namespaces, containing clusters, to match by label
      namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: fleet-default
          # the label is on the namespace
          #workspace: prod

      The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

      Restricting Access to Downstream Clusters​

      Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

      kind: GitRepoRestriction
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: restriction
        namespace: project1

      allowedTargetNamespaces:
        - project1simpleapp

      This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

      An Example GitRepo Resource​

      A GitRepo resource created by a tenant, without admin access could look like this:

      kind: GitRepo
      apiVersion: fleet.cattle.io/v1alpha1
      metadata:
        name: simpleapp
        namespace: project1
        labels:
          team: one

      spec:
        repo: https://github.com/rancher/fleet-examples
        paths:
        - bundle-diffs

        targetNamespace: project1simpleapp

        # do not match the upstream/local cluster, won't work
        targets:
        - name: dev
          clusterSelector:
            matchLabels:
              env: dev

      This includes the team: one label and and the required targetNamespace.

      Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

      note

      BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

      Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/namespaces.html b/0.8/namespaces.html index 92c075f54..96937ca3e 100644 --- a/0.8/namespaces.html +++ b/0.8/namespaces.html @@ -4,12 +4,12 @@ Namespaces | Fleet - - + +
    -
    Version: 0.8

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +

    Version: 0.8

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges @@ -39,8 +39,8 @@ in an error state and won't be deployed.

    This can also be used to set If an allowedTargetNamespaces restriction is present, all GitRepos must specify a targetNamespace and the specified namespace must be in the allow list. -This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/quickstart.html b/0.8/quickstart.html index a768a7b2a..5264d78bf 100644 --- a/0.8/quickstart.html +++ b/0.8/quickstart.html @@ -4,15 +4,15 @@ Quick Start | Fleet - - + +
    -
    Version: 0.8

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is +

    Version: 0.8

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is fairly straightforward. To install the Helm 3 CLI follow the official install instructions.

    Fleet in Rancher

    Rancher has separate helm charts for Fleet and uses a different repository.

    brew install helm
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \
        fleet/fleet-crd
    helm -n cattle-fleet-system install --create-namespace --wait fleet \
        fleet/fleet

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should -be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be ran in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-bundle-stages.html b/0.8/ref-bundle-stages.html index 657a1fa77..3bc347eed 100644 --- a/0.8/ref-bundle-stages.html +++ b/0.8/ref-bundle-stages.html @@ -4,13 +4,13 @@ Bundle Lifecycle | Fleet - - + +
    -
    Version: 0.8

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-bundle.html b/0.8/ref-bundle.html index a8bf1de06..c4d3e2caf 100644 --- a/0.8/ref-bundle.html +++ b/0.8/ref-bundle.html @@ -4,14 +4,14 @@ Bundle Resource | Fleet - - + +
    -
    Version: 0.8

    Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created.

    The content of the resource corresponds to the BundleSpec. -For more information on how to use the Bundle resource Create a Bundle Resource.

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # Namespace used for resources that do not specify a namespace.
      # This field is not used to enforce or lock down the deployment to a specific namespace.
      # defaultNamespace: test

      # If present will assign all resource to this
      # namespace and if any cluster scoped resource exists the deployment will fail.
      # targetNamespace: app

      # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.
      # kustomize: ...

      # Helm options for the deployment, like the chart name, repo and values.
      # helm: ...

      # ServiceAccount which will be used to perform this deployment.
      # serviceAccount: sa

      # ForceSyncGeneration is used to force a redeployment.
      # forceSyncGeneration: 0

      # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.
      # yaml: ...

      # Diff can be used to ignore the modified state of objects which are amended at runtime.
      # A specific commit or tag can also be watched.
      #
      # diff: ...

      # KeepResources can be used to keep the deployed resources when removing the bundle.
      # keepResources: false

      # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.
      # paused: false

      # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.
      # rolloutStrategy: ...

      # Contain the actual resources from the git repo which will be deployed.
      resources:
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

      # This field is used by Fleet internally, and it should not be modified manually.
      # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.
      # targetRestrictions: ...

      # Refers to the bundles which must be ready before this bundle can be deployed.
      # dependsOn: ...

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created.

    The content of the resource corresponds to the BundleSpec. +For more information on how to use the Bundle resource Create a Bundle Resource.

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # Namespace used for resources that do not specify a namespace.
      # This field is not used to enforce or lock down the deployment to a specific namespace.
      # defaultNamespace: test

      # If present will assign all resource to this
      # namespace and if any cluster scoped resource exists the deployment will fail.
      # targetNamespace: app

      # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.
      # kustomize: ...

      # Helm options for the deployment, like the chart name, repo and values.
      # helm: ...

      # ServiceAccount which will be used to perform this deployment.
      # serviceAccount: sa

      # ForceSyncGeneration is used to force a redeployment.
      # forceSyncGeneration: 0

      # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.
      # yaml: ...

      # Diff can be used to ignore the modified state of objects which are amended at runtime.
      # A specific commit or tag can also be watched.
      #
      # diff: ...

      # KeepResources can be used to keep the deployed resources when removing the bundle.
      # keepResources: false

      # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.
      # paused: false

      # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.
      # rolloutStrategy: ...

      # Contain the actual resources from the git repo which will be deployed.
      resources:
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

      # This field is used by Fleet internally, and it should not be modified manually.
      # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.
      # targetRestrictions: ...

      # Refers to the bundles which must be ready before this bundle can be deployed.
      # dependsOn: ...

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-configuration.html b/0.8/ref-configuration.html index 707f63f9a..854590992 100644 --- a/0.8/ref-configuration.html +++ b/0.8/ref-configuration.html @@ -4,16 +4,16 @@ Configuration | Fleet - - + +
    -
    Version: 0.8

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account

    Fleet agent configuration​

    Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a +

    Version: 0.8

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account

    Fleet agent configuration​

    Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a Cluster, see Registering Downstream Cluster for more info on how to create Clusters. Default configuration will be used if these fields are not provided.

    If you change the resources limits, make sure the limits allow the fleet-agent to work normally.

    Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults. -Agents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +Agents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-crds.html b/0.8/ref-crds.html index fd0922ecc..459925d5f 100644 --- a/0.8/ref-crds.html +++ b/0.8/ref-crds.html @@ -4,13 +4,13 @@ Custom Resources Spec | Fleet - - + +
    -
    Version: 0.8

    Custom Resources Spec

    Sub Resources

    CorrectDrift​

    FieldDescriptionSchemeRequired
    enabledEnabled correct drift if true.boolfalse
    forceForce helm rollback with --force option will be used if true. This will try to recreate all resources in the release.boolfalse
    keepFailHistoryKeepFailHistory keeps track of failed rollbacks in the helm history.boolfalse

    Back to Custom Resources

    GitRepo​

    GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsReadyBundleDeployments is a string in the form \"%d/%d\", that describes the number of ready bundledeployments over the total number of bundledeployments.stringfalse
    stateState is the state of the GitRepo, e.g. \"GitUpdating\" or the maximal BundleState according to StateRank.stringfalse
    messageMessage contains the relevant message from the deployment conditions.stringfalse
    errorError is true if a message is present.boolfalse

    Back to Custom Resources

    GitRepoResource​

    GitRepoResource contains metadata about the resources of a bundle.

    FieldDescriptionSchemeRequired
    apiVersionAPIVersion is the API version of the resource.stringfalse
    kindKind is the k8s kind of the resource.stringfalse
    typeType is the type of the resource, e.g. \"apiextensions.k8s.io.customresourcedefinition\" or \"configmap\".stringfalse
    idID is the name of the resource, e.g. \"namespace1/my-config\" or \"backingimagemanagers.storage.io\".stringfalse
    namespaceNamespace of the resource.stringfalse
    nameName of the resource.stringfalse
    incompleteStateIncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states.boolfalse
    stateState is the state of the resource, e.g. \"Unknown\", \"WaitApplied\", \"ErrApplied\" or \"Ready\".stringfalse
    errorError is true if any Error in the PerClusterState is true.boolfalse
    transitioningTransitioning is true if any Transitioning in the PerClusterState is true.boolfalse
    messageMessage is the first message from the PerClusterStates.stringfalse
    perClusterStatePerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources.[]ResourcePerClusterStatefalse

    Back to Custom Resources

    GitRepoResourceCounts​

    GitRepoResourceCounts contains the number of resources in each state.

    FieldDescriptionSchemeRequired
    readyReady is the number of ready resources.inttrue
    desiredReadyDesiredReady is the number of resources that should be ready.inttrue
    waitAppliedWaitApplied is the number of resources that are waiting to be applied.inttrue
    modifiedModified is the number of resources that have been modified.inttrue
    orphanedOrphaned is the number of orphaned resources.inttrue
    missingMissing is the number of missing resources.inttrue
    unknownUnknown is the number of resources in an unknown state.inttrue
    notReadyNotReady is the number of not ready resources. Resources are not ready if they do not match any other state.inttrue

    Back to Custom Resources

    GitRepoRestriction​

    GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountDefaultServiceAccount overrides the GitRepo's default service account.stringfalse
    allowedServiceAccountsAllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use.[]stringfalse
    allowedRepoPatternsAllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo.[]stringfalse
    defaultClientSecretNameDefaultClientSecretName overrides the GitRepo's default client secret.stringfalse
    allowedClientSecretNamesAllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use.[]stringfalse
    allowedTargetNamespacesAllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set.[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and index.stringfalse
    branchBranch The git branch to follow.stringfalse
    revisionRevision A specific commit or tag to operate on.stringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand.stringfalse
    clientSecretNameClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for a private Helm repository.stringfalse
    helmSecretNameForPathsHelmSecretNameForPaths contains the auth secret for private Helm repository for each path.stringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided.stringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default.[]stringfalse
    pausedPaused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync.boolfalse
    serviceAccountServiceAccount used in the downstream cluster for deployment.stringfalse
    targetsTargets is a list of targets this repo will deploy to.[]GitTargetfalse
    pollingIntervalPollingInterval is how often to check git for new updates.*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Git.int64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo.*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when a new image is scanned and written back to git repo.CommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepo.boolfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status.int64true
    commitCommit is the Git commit hash from the last gitjob run.stringfalse
    readyClustersReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo.inttrue
    desiredReadyClustersDesiredReadyClusters\tis the number of clusters that should be ready for bundles of this GitRepo.inttrue
    gitJobStatusGitJobStatus is the status of the last GitJob run, e.g. \"Current\" if there was no error.stringfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    displayDisplay contains a human readable summary of the status.GitRepoDisplayfalse
    conditionsConditions is a list of Wrangler conditions that describe the state of the GitRepo.[]genericcondition.GenericConditionfalse
    resourcesResources contains metadata about the resources of each bundle.[]GitRepoResourcefalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles.GitRepoResourceCountsfalse
    resourceErrorsResourceErrors is a sorted list of errors from the resources.[]stringfalse
    lastSyncedImageScanTimeLastSyncedImageScanTime is the time of the last image scan.metav1.Timefalse

    Back to Custom Resources

    GitTarget​

    GitTarget is a cluster or cluster group to deploy to.

    FieldDescriptionSchemeRequired
    nameName is the name of this target.stringfalse
    clusterNameClusterName is the name of a cluster.stringfalse
    clusterSelectorClusterSelector is a label selector to select clusters.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup is the name of a cluster group in the same namespace as the clusters.stringfalse
    clusterGroupSelectorClusterGroupSelector is a label selector to select cluster groups.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    ResourcePerClusterState is generated for each non-ready resource of the bundles.

    FieldDescriptionSchemeRequired
    stateState is the state of the resource.stringfalse
    errorError is true if the resource is in an error state, copied from the bundle's summary for non-ready resources.boolfalse
    transitioningTransitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources.boolfalse
    messageMessage combines the messages from the bundle's summary. Messages are joined with the delimiter ';'.stringfalse
    patchPatch for modified resources.*GenericMapfalse
    clusterIdClusterID is the id of the cluster.stringfalse

    Back to Custom Resources

    Bundle​

    Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\n\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse
    ignoreIgnoreOptions can be used to ignore fields when monitoring the bundle.IgnoreOptionsfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse
    namespaceLabelsNamespaceLabels are labels that will be appended to the namespace created by Fleet.*map[string]stringfalse
    namespaceAnnotationsNamespaceAnnotations are annotations that will be appended to the namespace created by Fleet.*map[string]stringfalse

    Back to Custom Resources

    BundleDeploymentResource​

    BundleDeploymentResource contains the metadata of a deployed resource.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    createdAtmetav1.Timefalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected.boolfalse
    stagedOptionsStagedOptions are the deployment options, that are staged for the next deployment.BundleDeploymentOptionsfalse
    stagedDeploymentIDStagedDeploymentID is the ID of the staged deployment.stringfalse
    optionsOptions are the deployment options, that are currently applied.BundleDeploymentOptionsfalse
    deploymentIDDeploymentID is the ID of the currently applied deployment.stringfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[]NonReadyStatusfalse
    modifiedStatus[]ModifiedStatusfalse
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false
    resourcesResources lists the metadata of resources that were deployed according to the helm release history.[]BundleDeploymentResourcefalse

    Back to Custom Resources

    BundleDisplay​

    BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle.

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    stateState is a summary state for the bundle, calculated over the non-ready resources.stringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    BundleNamespaceMapping maps bundles to clusters in other namespaces.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    nameName of the bundle.stringfalse
    selectorSelector matching bundle's labels.*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    BundleResource represents the content of a single resource from the bundle, like a YAML manifest.

    FieldDescriptionSchemeRequired
    nameName of the resource, can include the bundle's internal path.stringfalse
    contentThe content of the resource, can be compressed.stringfalse
    encodingEncoding is either empty or \"base64+gz\".stringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts.[]BundleResourcefalse
    targetsTargets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used.[]BundleTargetfalse
    targetRestrictionsTargetRestrictions is an allow list, which controls if a bundledeployment is created for a target.[]BundleTargetRestrictionfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of Wrangler conditions that describe the state of the bundle.[]genericcondition.GenericConditionfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    newlyCreatedNewlyCreated is the number of bundle deployments that have been created, not updated.intfalse
    unavailableUnavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec.inttrue
    unavailablePartitionsUnavailablePartitions is the number of unavailable partitions.inttrue
    maxUnavailableMaxUnavailable is the maximum number of unavailable deployments. See rollout configuration.inttrue
    maxUnavailablePartitionsMaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions.inttrue
    maxNewMaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time.intfalse
    partitionsPartitionStatus lists the status of each partition.[]PartitionStatusfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.BundleDisplayfalse
    resourceKeyResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc..[]ResourceKeyfalse
    observedGenerationObservedGeneration is the current generation of the bundle.int64true

    Back to Custom Resources

    BundleSummary​

    BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status.

    FieldDescriptionSchemeRequired
    notReadyNotReady is the number of bundle deployments that have been deployed where some resources are not ready.intfalse
    waitAppliedWaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.intfalse
    errAppliedErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle.intfalse
    outOfSyncOutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent.intfalse
    modifiedModified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced.intfalse
    readyReady is the number of bundle deployments that have been deployed where all resources are ready.inttrue
    pendingPending is the number of bundle deployments that are being processed by Fleet controller.intfalse
    desiredReadyDesiredReady is the number of bundle deployments that should be ready.inttrue
    nonReadyResourcesNonReadyClusters is a list of states, which is filled for a bundle that is not ready.[]NonReadyResourcefalse

    Back to Custom Resources

    BundleTarget​

    BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct.

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    nameName of target. This value is largely for display and logging. If not specified a default name of the format \"target000\" will be usedstringfalse
    clusterNameClusterName to match a specific cluster by name that will be selectedstringfalse
    clusterSelectorClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup to match a specific cluster group by name.stringfalse
    clusterGroupSelectorClusterGroupSelector is a selector to match cluster groups.*metav1.LabelSelectorfalse
    doNotDeployDoNotDeploy if set to true, will not deploy to this target.boolfalse

    Back to Custom Resources

    BundleTargetRestriction​

    BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml.

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    ComparePatch matches a resource and removes fields from the check for modifications.

    FieldDescriptionSchemeRequired
    kindKind is the kind of the resource to match.stringfalse
    apiVersionAPIVersion is the apiVersion of the resource to match.stringfalse
    namespaceNamespace is the namespace of the resource to match.stringfalse
    nameName is the name of the resource to match.stringfalse
    operationsOperations remove a JSON path from the resource.[]Operationfalse
    jsonPointersJSONPointers ignore diffs at a certain JSON path.[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    contentContent is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them.[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatchesComparePatches match a resource and remove fields from the check for modifications.[]ComparePatchfalse

    Back to Custom Resources

    HelmOptions​

    HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types.

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes Fleet skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    IgnoreOptions​

    IgnoreOptions defines conditions to be ignored when monitoring the Bundle.

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of conditions to be ignored when monitoring the Bundle.[]map[string]stringfalse

    Back to Custom Resources

    KustomizeOptions​

    KustomizeOptions for a deployment.

    FieldDescriptionSchemeRequired
    dirDir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file.stringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    nameName of a resource in the same namespace as the referent.stringtrue

    Back to Custom Resources

    ModifiedStatus​

    ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    NonReadyResource contains information about a bundle that is not ready for a given state like \"ErrApplied\". It contains a list of non-ready or modified resources and their states.

    FieldDescriptionSchemeRequired
    nameName is the name of the resource.stringfalse
    bundleStateState is the state of the resource, like e.g. \"NotReady\" or \"ErrApplied\".BundleStatefalse
    messageMessage contains information why the bundle is not ready.stringfalse
    modifiedStatusModifiedStatus lists the state for each modified resource.[]ModifiedStatusfalse
    nonReadyStatusNonReadyStatus lists the state for each non-ready resource.[]NonReadyStatusfalse

    Back to Custom Resources

    NonReadyStatus​

    NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary.

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    Operation of a ComparePatch, usually \"remove\".

    FieldDescriptionSchemeRequired
    opOp is usually \"remove\"stringfalse
    pathPath is the JSON path to remove.stringfalse
    valueValue is usually empty.stringfalse

    Back to Custom Resources

    Partition​

    Partition defines a separate rollout strategy for a set of clusters.

    FieldDescriptionSchemeRequired
    nameA user-friendly name given to the partition used for Display (optional).stringfalse
    maxUnavailableA number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%*intstr.IntOrStringfalse
    clusterNameClusterName is the name of a cluster to include in this partitionstringfalse
    clusterSelectorSelector matching cluster labels to include in this partition*metav1.LabelSelectorfalse
    clusterGroupA cluster group name to include in this partitionstringfalse
    clusterGroupSelectorSelector matching cluster group labels to include in this partition*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    PartitionStatus is the status of a single rollout partition.

    FieldDescriptionSchemeRequired
    nameName is the name of the partition.stringfalse
    countCount is the number of clusters in the partition.intfalse
    maxUnavailableMaxUnavailable is the maximum number of unavailable clusters in the partition.intfalse
    unavailableUnavailable is the number of unavailable clusters in the partition.intfalse
    summarySummary is a summary state for the partition, calculated over its non-ready resources.BundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    ResourceKey lists resources, which will likely be deployed.

    FieldDescriptionSchemeRequired
    kindKind is the k8s api kind of the resource.stringfalse
    apiVersionAPIVersion is the k8s api version of the resource.stringfalse
    namespaceNamespace is the namespace of the resource.stringfalse
    nameName is the name of the resource.stringfalse

    Back to Custom Resources

    RolloutStrategy​

    RolloverStrategy controls the rollout of the bundle across clusters.

    FieldDescriptionSchemeRequired
    maxUnavailableA number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%*intstr.IntOrStringfalse
    maxUnavailablePartitionsA number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0*intstr.IntOrStringfalse
    autoPartitionSizeA number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%*intstr.IntOrStringfalse
    partitionsA list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize.[]Partitionfalse

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.

    FieldDescriptionSchemeRequired
    overlaysOverlays is a list of names that maps to folders in \"overlays/\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenLastSeen is the last time the agent checked in to update the status of the cluster resource.metav1.Timetrue
    namespaceNamespace is the namespace of the agent deployment, e.g. \"cattle-fleet-system\".stringtrue
    nonReadyNodesNonReadyNodes is the number of nodes that are not ready.inttrue
    readyNodesReadyNodes is the number of nodes that are ready.inttrue
    nonReadyNodeNamesNonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names.[]stringtrue
    readyNodeNamesReadyNodes contains the names of ready nodes. The list is limited to at most 3 names.[]stringtrue

    Back to Custom Resources

    Cluster​

    Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    readyNodesReadyNodes is a string in the form \"%d/%d\", that describes the number of nodes that are ready vs. the number of expected nodes.stringfalse
    sampleNodeSampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready.stringfalse
    stateState of the cluster, either one of the bundle states, or \"WaitCheckIn\".stringfalse

    Back to Custom Resources

    ClusterGroup​

    ClusterGroup is a re-usable selector to target a group of clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    stateState is a summary state for the cluster group, showing \"NotReady\" if there are non-ready resources.stringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selectorSelector is a label selector, used to select clusters for this group.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountClusterCount is the number of clusters in the cluster group.inttrue
    nonReadyClusterCountNonReadyClusterCount is the number of clusters that are not ready.inttrue
    nonReadyClustersNonReadyClusters is a list of cluster names that are not ready.[]stringfalse
    conditionsConditions is a list of conditions and their statuses for the cluster group.[]genericcondition.GenericConditionfalse
    summarySummary is a summary of the bundle deployments and their resources in the cluster group.BundleSummaryfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.ClusterGroupDisplayfalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles in the cluster group.GitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    ClusterRegistration is used internally by Fleet and should not be used directly.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID.stringfalse
    clientRandomClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name.stringfalse
    clusterLabelsClusterLabels are copied to the cluster resource during the registration.map[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNameClusterName is only set after the registration is being processed by fleet-controller.stringfalse
    grantedGranted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings.boolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    ClusterRegistrationToken is used by agents to register a new cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttlTTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted.*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expiresExpires is the time when the token expires.*metav1.Timefalse
    secretNameSecretName is the name of the secret containing the token.stringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summarySummary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource.BundleSummaryfalse
    resourceCountsResourceCounts is an aggregate over the GitRepoResourceCounts.GitRepoResourceCountsfalse
    readyGitReposReadyGitRepos is the number of gitrepos for this cluster that are ready.inttrue
    desiredReadyGitReposDesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready.inttrue
    agentEnvVarsHashAgentEnvVarsHash is a hash of the agent's env vars, used to detect changes.stringfalse
    agentPrivateRepoURLAgentPrivateRepoURL is the private repo URL for the agent that is currently used.stringfalse
    agentDeployedGenerationAgentDeployedGeneration is the generation of the agent that is currently deployed.*int64false
    agentMigratedAgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status.boolfalse
    agentNamespaceMigratedAgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status.boolfalse
    cattleNamespaceMigratedCattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status.boolfalse
    agentAffinityHashAgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes.stringfalse
    agentResourcesHashAgentResourcesHash is a hash of the agent's resources configuration, used to detect changes.stringfalse
    agentTolerationsHashAgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes.stringfalse
    agentConfigChangedAgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster.boolfalse
    apiServerURLAPIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream.stringfalse
    apiServerCAHashAPIServerCAHash is a hash of the upstream API server CA, used to detect changes.stringfalse
    displayDisplay contains the number of ready bundles, nodes and a summary state.ClusterDisplayfalse
    agentAgentStatus contains information about the agent.AgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    Custom Resources Spec

    Sub Resources

    CorrectDrift​

    FieldDescriptionSchemeRequired
    enabledEnabled correct drift if true.boolfalse
    forceForce helm rollback with --force option will be used if true. This will try to recreate all resources in the release.boolfalse
    keepFailHistoryKeepFailHistory keeps track of failed rollbacks in the helm history.boolfalse

    Back to Custom Resources

    GitRepo​

    GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsReadyBundleDeployments is a string in the form \"%d/%d\", that describes the number of ready bundledeployments over the total number of bundledeployments.stringfalse
    stateState is the state of the GitRepo, e.g. \"GitUpdating\" or the maximal BundleState according to StateRank.stringfalse
    messageMessage contains the relevant message from the deployment conditions.stringfalse
    errorError is true if a message is present.boolfalse

    Back to Custom Resources

    GitRepoResource​

    GitRepoResource contains metadata about the resources of a bundle.

    FieldDescriptionSchemeRequired
    apiVersionAPIVersion is the API version of the resource.stringfalse
    kindKind is the k8s kind of the resource.stringfalse
    typeType is the type of the resource, e.g. \"apiextensions.k8s.io.customresourcedefinition\" or \"configmap\".stringfalse
    idID is the name of the resource, e.g. \"namespace1/my-config\" or \"backingimagemanagers.storage.io\".stringfalse
    namespaceNamespace of the resource.stringfalse
    nameName of the resource.stringfalse
    incompleteStateIncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states.boolfalse
    stateState is the state of the resource, e.g. \"Unknown\", \"WaitApplied\", \"ErrApplied\" or \"Ready\".stringfalse
    errorError is true if any Error in the PerClusterState is true.boolfalse
    transitioningTransitioning is true if any Transitioning in the PerClusterState is true.boolfalse
    messageMessage is the first message from the PerClusterStates.stringfalse
    perClusterStatePerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources.[]ResourcePerClusterStatefalse

    Back to Custom Resources

    GitRepoResourceCounts​

    GitRepoResourceCounts contains the number of resources in each state.

    FieldDescriptionSchemeRequired
    readyReady is the number of ready resources.inttrue
    desiredReadyDesiredReady is the number of resources that should be ready.inttrue
    waitAppliedWaitApplied is the number of resources that are waiting to be applied.inttrue
    modifiedModified is the number of resources that have been modified.inttrue
    orphanedOrphaned is the number of orphaned resources.inttrue
    missingMissing is the number of missing resources.inttrue
    unknownUnknown is the number of resources in an unknown state.inttrue
    notReadyNotReady is the number of not ready resources. Resources are not ready if they do not match any other state.inttrue

    Back to Custom Resources

    GitRepoRestriction​

    GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountDefaultServiceAccount overrides the GitRepo's default service account.stringfalse
    allowedServiceAccountsAllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use.[]stringfalse
    allowedRepoPatternsAllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo.[]stringfalse
    defaultClientSecretNameDefaultClientSecretName overrides the GitRepo's default client secret.stringfalse
    allowedClientSecretNamesAllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use.[]stringfalse
    allowedTargetNamespacesAllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set.[]stringfalse

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and index.stringfalse
    branchBranch The git branch to follow.stringfalse
    revisionRevision A specific commit or tag to operate on.stringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand.stringfalse
    clientSecretNameClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for a private Helm repository.stringfalse
    helmSecretNameForPathsHelmSecretNameForPaths contains the auth secret for private Helm repository for each path.stringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided.stringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default.[]stringfalse
    pausedPaused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync.boolfalse
    serviceAccountServiceAccount used in the downstream cluster for deployment.stringfalse
    targetsTargets is a list of targets this repo will deploy to.[]GitTargetfalse
    pollingIntervalPollingInterval is how often to check git for new updates.*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Git.int64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo.*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when a new image is scanned and written back to git repo.CommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepo.boolfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status.int64true
    commitCommit is the Git commit hash from the last gitjob run.stringfalse
    readyClustersReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo.inttrue
    desiredReadyClustersDesiredReadyClusters\tis the number of clusters that should be ready for bundles of this GitRepo.inttrue
    gitJobStatusGitJobStatus is the status of the last GitJob run, e.g. \"Current\" if there was no error.stringfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    displayDisplay contains a human readable summary of the status.GitRepoDisplayfalse
    conditionsConditions is a list of Wrangler conditions that describe the state of the GitRepo.[]genericcondition.GenericConditionfalse
    resourcesResources contains metadata about the resources of each bundle.[]GitRepoResourcefalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles.GitRepoResourceCountsfalse
    resourceErrorsResourceErrors is a sorted list of errors from the resources.[]stringfalse
    lastSyncedImageScanTimeLastSyncedImageScanTime is the time of the last image scan.metav1.Timefalse

    Back to Custom Resources

    GitTarget​

    GitTarget is a cluster or cluster group to deploy to.

    FieldDescriptionSchemeRequired
    nameName is the name of this target.stringfalse
    clusterNameClusterName is the name of a cluster.stringfalse
    clusterSelectorClusterSelector is a label selector to select clusters.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup is the name of a cluster group in the same namespace as the clusters.stringfalse
    clusterGroupSelectorClusterGroupSelector is a label selector to select cluster groups.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    ResourcePerClusterState is generated for each non-ready resource of the bundles.

    FieldDescriptionSchemeRequired
    stateState is the state of the resource.stringfalse
    errorError is true if the resource is in an error state, copied from the bundle's summary for non-ready resources.boolfalse
    transitioningTransitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources.boolfalse
    messageMessage combines the messages from the bundle's summary. Messages are joined with the delimiter ';'.stringfalse
    patchPatch for modified resources.*GenericMapfalse
    clusterIdClusterID is the id of the cluster.stringfalse

    Back to Custom Resources

    Bundle​

    Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\n\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDeployment​

    BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse
    ignoreIgnoreOptions can be used to ignore fields when monitoring the bundle.IgnoreOptionsfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse
    namespaceLabelsNamespaceLabels are labels that will be appended to the namespace created by Fleet.*map[string]stringfalse
    namespaceAnnotationsNamespaceAnnotations are annotations that will be appended to the namespace created by Fleet.*map[string]stringfalse

    Back to Custom Resources

    BundleDeploymentResource​

    BundleDeploymentResource contains the metadata of a deployed resource.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    createdAtmetav1.Timefalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected.boolfalse
    stagedOptionsStagedOptions are the deployment options, that are staged for the next deployment.BundleDeploymentOptionsfalse
    stagedDeploymentIDStagedDeploymentID is the ID of the staged deployment.stringfalse
    optionsOptions are the deployment options, that are currently applied.BundleDeploymentOptionsfalse
    deploymentIDDeploymentID is the ID of the currently applied deployment.stringfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[]NonReadyStatusfalse
    modifiedStatus[]ModifiedStatusfalse
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false
    resourcesResources lists the metadata of resources that were deployed according to the helm release history.[]BundleDeploymentResourcefalse

    Back to Custom Resources

    BundleDisplay​

    BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle.

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    stateState is a summary state for the bundle, calculated over the non-ready resources.stringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    BundleNamespaceMapping maps bundles to clusters in other namespaces.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    nameName of the bundle.stringfalse
    selectorSelector matching bundle's labels.*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    BundleResource represents the content of a single resource from the bundle, like a YAML manifest.

    FieldDescriptionSchemeRequired
    nameName of the resource, can include the bundle's internal path.stringfalse
    contentThe content of the resource, can be compressed.stringfalse
    encodingEncoding is either empty or \"base64+gz\".stringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts.[]BundleResourcefalse
    targetsTargets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used.[]BundleTargetfalse
    targetRestrictionsTargetRestrictions is an allow list, which controls if a bundledeployment is created for a target.[]BundleTargetRestrictionfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of Wrangler conditions that describe the state of the bundle.[]genericcondition.GenericConditionfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    newlyCreatedNewlyCreated is the number of bundle deployments that have been created, not updated.intfalse
    unavailableUnavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec.inttrue
    unavailablePartitionsUnavailablePartitions is the number of unavailable partitions.inttrue
    maxUnavailableMaxUnavailable is the maximum number of unavailable deployments. See rollout configuration.inttrue
    maxUnavailablePartitionsMaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions.inttrue
    maxNewMaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time.intfalse
    partitionsPartitionStatus lists the status of each partition.[]PartitionStatusfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.BundleDisplayfalse
    resourceKeyResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc..[]ResourceKeyfalse
    observedGenerationObservedGeneration is the current generation of the bundle.int64true

    Back to Custom Resources

    BundleSummary​

    BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status.

    FieldDescriptionSchemeRequired
    notReadyNotReady is the number of bundle deployments that have been deployed where some resources are not ready.intfalse
    waitAppliedWaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.intfalse
    errAppliedErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle.intfalse
    outOfSyncOutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent.intfalse
    modifiedModified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced.intfalse
    readyReady is the number of bundle deployments that have been deployed where all resources are ready.inttrue
    pendingPending is the number of bundle deployments that are being processed by Fleet controller.intfalse
    desiredReadyDesiredReady is the number of bundle deployments that should be ready.inttrue
    nonReadyResourcesNonReadyClusters is a list of states, which is filled for a bundle that is not ready.[]NonReadyResourcefalse

    Back to Custom Resources

    BundleTarget​

    BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct.

    FieldDescriptionSchemeRequired
    BundleDeploymentOptionsBundleDeploymentOptionsfalse
    nameName of target. This value is largely for display and logging. If not specified a default name of the format \"target000\" will be usedstringfalse
    clusterNameClusterName to match a specific cluster by name that will be selectedstringfalse
    clusterSelectorClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup to match a specific cluster group by name.stringfalse
    clusterGroupSelectorClusterGroupSelector is a selector to match cluster groups.*metav1.LabelSelectorfalse
    doNotDeployDoNotDeploy if set to true, will not deploy to this target.boolfalse

    Back to Custom Resources

    BundleTargetRestriction​

    BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml.

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    ComparePatch​

    ComparePatch matches a resource and removes fields from the check for modifications.

    FieldDescriptionSchemeRequired
    kindKind is the kind of the resource to match.stringfalse
    apiVersionAPIVersion is the apiVersion of the resource to match.stringfalse
    namespaceNamespace is the namespace of the resource to match.stringfalse
    nameName is the name of the resource to match.stringfalse
    operationsOperations remove a JSON path from the resource.[]Operationfalse
    jsonPointersJSONPointers ignore diffs at a certain JSON path.[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    Content​

    Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    contentContent is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them.[]bytefalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatchesComparePatches match a resource and remove fields from the check for modifications.[]ComparePatchfalse

    Back to Custom Resources

    HelmOptions​

    HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types.

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes Fleet skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse

    Back to Custom Resources

    IgnoreOptions​

    IgnoreOptions defines conditions to be ignored when monitoring the Bundle.

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of conditions to be ignored when monitoring the Bundle.[]map[string]stringfalse

    Back to Custom Resources

    KustomizeOptions​

    KustomizeOptions for a deployment.

    FieldDescriptionSchemeRequired
    dirDir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file.stringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    nameName of a resource in the same namespace as the referent.stringtrue

    Back to Custom Resources

    ModifiedStatus​

    ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyResource​

    NonReadyResource contains information about a bundle that is not ready for a given state like \"ErrApplied\". It contains a list of non-ready or modified resources and their states.

    FieldDescriptionSchemeRequired
    nameName is the name of the resource.stringfalse
    bundleStateState is the state of the resource, like e.g. \"NotReady\" or \"ErrApplied\".BundleStatefalse
    messageMessage contains information why the bundle is not ready.stringfalse
    modifiedStatusModifiedStatus lists the state for each modified resource.[]ModifiedStatusfalse
    nonReadyStatusNonReadyStatus lists the state for each non-ready resource.[]NonReadyStatusfalse

    Back to Custom Resources

    NonReadyStatus​

    NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary.

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    Operation of a ComparePatch, usually \"remove\".

    FieldDescriptionSchemeRequired
    opOp is usually \"remove\"stringfalse
    pathPath is the JSON path to remove.stringfalse
    valueValue is usually empty.stringfalse

    Back to Custom Resources

    Partition​

    Partition defines a separate rollout strategy for a set of clusters.

    FieldDescriptionSchemeRequired
    nameA user-friendly name given to the partition used for Display (optional).stringfalse
    maxUnavailableA number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%*intstr.IntOrStringfalse
    clusterNameClusterName is the name of a cluster to include in this partitionstringfalse
    clusterSelectorSelector matching cluster labels to include in this partition*metav1.LabelSelectorfalse
    clusterGroupA cluster group name to include in this partitionstringfalse
    clusterGroupSelectorSelector matching cluster group labels to include in this partition*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    PartitionStatus is the status of a single rollout partition.

    FieldDescriptionSchemeRequired
    nameName is the name of the partition.stringfalse
    countCount is the number of clusters in the partition.intfalse
    maxUnavailableMaxUnavailable is the maximum number of unavailable clusters in the partition.intfalse
    unavailableUnavailable is the number of unavailable clusters in the partition.intfalse
    summarySummary is a summary state for the partition, calculated over its non-ready resources.BundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    ResourceKey lists resources, which will likely be deployed.

    FieldDescriptionSchemeRequired
    kindKind is the k8s api kind of the resource.stringfalse
    apiVersionAPIVersion is the k8s api version of the resource.stringfalse
    namespaceNamespace is the namespace of the resource.stringfalse
    nameName is the name of the resource.stringfalse

    Back to Custom Resources

    RolloutStrategy​

    RolloverStrategy controls the rollout of the bundle across clusters.

    FieldDescriptionSchemeRequired
    maxUnavailableA number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%*intstr.IntOrStringfalse
    maxUnavailablePartitionsA number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0*intstr.IntOrStringfalse
    autoPartitionSizeA number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%*intstr.IntOrStringfalse
    partitionsA list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize.[]Partitionfalse

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.

    FieldDescriptionSchemeRequired
    overlaysOverlays is a list of names that maps to folders in \"overlays/\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenLastSeen is the last time the agent checked in to update the status of the cluster resource.metav1.Timetrue
    namespaceNamespace is the namespace of the agent deployment, e.g. \"cattle-fleet-system\".stringtrue
    nonReadyNodesNonReadyNodes is the number of nodes that are not ready.inttrue
    readyNodesReadyNodes is the number of nodes that are ready.inttrue
    nonReadyNodeNamesNonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names.[]stringtrue
    readyNodeNamesReadyNodes contains the names of ready nodes. The list is limited to at most 3 names.[]stringtrue

    Back to Custom Resources

    Cluster​

    Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    readyNodesReadyNodes is a string in the form \"%d/%d\", that describes the number of nodes that are ready vs. the number of expected nodes.stringfalse
    sampleNodeSampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready.stringfalse
    stateState of the cluster, either one of the bundle states, or \"WaitCheckIn\".stringfalse

    Back to Custom Resources

    ClusterGroup​

    ClusterGroup is a re-usable selector to target a group of clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    stateState is a summary state for the cluster group, showing \"NotReady\" if there are non-ready resources.stringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selectorSelector is a label selector, used to select clusters for this group.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountClusterCount is the number of clusters in the cluster group.inttrue
    nonReadyClusterCountNonReadyClusterCount is the number of clusters that are not ready.inttrue
    nonReadyClustersNonReadyClusters is a list of cluster names that are not ready.[]stringfalse
    conditionsConditions is a list of conditions and their statuses for the cluster group.[]genericcondition.GenericConditionfalse
    summarySummary is a summary of the bundle deployments and their resources in the cluster group.BundleSummaryfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.ClusterGroupDisplayfalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles in the cluster group.GitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    ClusterRegistration is used internally by Fleet and should not be used directly.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID.stringfalse
    clientRandomClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name.stringfalse
    clusterLabelsClusterLabels are copied to the cluster resource during the registration.map[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNameClusterName is only set after the registration is being processed by fleet-controller.stringfalse
    grantedGranted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings.boolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    ClusterRegistrationToken is used by agents to register a new cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttlTTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted.*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expiresExpires is the time when the token expires.*metav1.Timefalse
    secretNameSecretName is the name of the secret containing the token.stringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]v1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]v1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*v1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*v1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summarySummary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource.BundleSummaryfalse
    resourceCountsResourceCounts is an aggregate over the GitRepoResourceCounts.GitRepoResourceCountsfalse
    readyGitReposReadyGitRepos is the number of gitrepos for this cluster that are ready.inttrue
    desiredReadyGitReposDesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready.inttrue
    agentEnvVarsHashAgentEnvVarsHash is a hash of the agent's env vars, used to detect changes.stringfalse
    agentPrivateRepoURLAgentPrivateRepoURL is the private repo URL for the agent that is currently used.stringfalse
    agentDeployedGenerationAgentDeployedGeneration is the generation of the agent that is currently deployed.*int64false
    agentMigratedAgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status.boolfalse
    agentNamespaceMigratedAgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status.boolfalse
    cattleNamespaceMigratedCattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status.boolfalse
    agentAffinityHashAgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes.stringfalse
    agentResourcesHashAgentResourcesHash is a hash of the agent's resources configuration, used to detect changes.stringfalse
    agentTolerationsHashAgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes.stringfalse
    agentConfigChangedAgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster.boolfalse
    apiServerURLAPIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream.stringfalse
    apiServerCAHashAPIServerCAHash is a hash of the upstream API server CA, used to detect changes.stringfalse
    displayDisplay contains the number of ready bundles, nodes and a summary state.ClusterDisplayfalse
    agentAgentStatus contains information about the agent.AgentStatusfalse

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-fleet-yaml.html b/0.8/ref-fleet-yaml.html index aca74efe3..c22c5e781 100644 --- a/0.8/ref-fleet-yaml.html +++ b/0.8/ref-fleet-yaml.html @@ -4,13 +4,13 @@ fleet.yaml | Fleet - - + +
    -
    Version: 0.8

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to the struct at pkg/bundlereader/read.go, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # namespaceLabels are labels that will be appended to the namespace created by Fleet.
    namespaceLabels:
      key: value
    # namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.
    namespaceAnnotations:
      key: value

    # Optional map of labels, that are set at the bundle and can be used in a
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      ### These options control how "fleet apply" downloads the chart
      #
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0

      ### These options only work for helm-type bundles
      #
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml

      ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.
      #
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true

    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector:
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name. When using Fleet in
      # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.
      clusterName: dev-cluster
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1
      # Resources will not be deployed in the matched clusters if doNotDeploy is true.
      doNotDeploy: false

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:
      # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"

    # Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.
    overrideTargets:
      - clusterSelector:
          matchLabels:
            env: dev

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to the struct at pkg/bundlereader/read.go, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # namespaceLabels are labels that will be appended to the namespace created by Fleet.
    namespaceLabels:
      key: value
    # namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.
    namespaceAnnotations:
      key: value

    # Optional map of labels, that are set at the bundle and can be used in a
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      ### These options control how "fleet apply" downloads the chart
      #
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0

      ### These options only work for helm-type bundles
      #
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml

      ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.
      #
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true

    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector:
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name. When using Fleet in
      # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.
      clusterName: dev-cluster
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1
      # Resources will not be deployed in the matched clusters if doNotDeploy is true.
      doNotDeploy: false

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:
      # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"

    # Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.
    overrideTargets:
      - clusterSelector:
          matchLabels:
            env: dev

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-gitrepo.html b/0.8/ref-gitrepo.html index ef55afe9a..f547a298e 100644 --- a/0.8/ref-gitrepo.html +++ b/0.8/ref-gitrepo.html @@ -4,14 +4,14 @@ GitRepo Resource | Fleet - - + +
    -
    Version: 0.8

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. -For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
      # Credentials will always be used if it is empty or not provided
      #
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      # If empty, the "default" cluster group is used.
      #
      # targets: ...
      #
      # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
      # a three-way merge strategy by default. 
      # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating 
      # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
      # Keep in mind that resources might be recreated if force is enabled.
      # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
      #
      #  correctDrift:
      #    enabled: false
      #    force: false #Warning: it might recreate resources if set to true
      #    keepFailHistory: false
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
      # Credentials will always be used if it is empty or not provided
      #
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      # If empty, the "default" cluster group is used.
      #
      # targets: ...
      #
      # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
      # a three-way merge strategy by default. 
      # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating 
      # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
      # Keep in mind that resources might be recreated if force is enabled.
      # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
      #
      #  correctDrift:
      #    enabled: false
      #    force: false #Warning: it might recreate resources if set to true
      #    keepFailHistory: false
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-registration.html b/0.8/ref-registration.html index a0bd19c62..842fcab13 100644 --- a/0.8/ref-registration.html +++ b/0.8/ref-registration.html @@ -4,18 +4,18 @@ Cluster Registration Internals | Fleet - - + +
    -
    Version: 0.8

    Cluster Registration Internals

    How does cluster registration work?​

    This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it’s not commonly used. +

    Version: 0.8

    Cluster Registration Internals

    How does cluster registration work?​

    This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it’s not commonly used. Agent initiated registration is "ClusterRegistrationToken first", which means pre-creating a cluster is optional.

    See "Register Downstream Clusters" to learn how to register clusters.

    Cluster first​

    fleet-controller starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.

    For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret.

    Cluster -> ClusterRegistrationToken + Import Account​

    Now that a cluster resource exists, fleet-controller triggers and runs import.go to create the fleet-agent deployment.
fleet-controller also creates a clusterregistrationtoken and waits for it to be complete. The clusterregistationtoken triggers the creation of the import service account, which can create clusterregistrations and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system"). The import.go will enqueue itself until the import service account exists, because that’s needed to create the fleet-agent-bootstrap secret. Now, the fleet-agent and the bootstrap secret are present on the downstream cluster

    Fleet-Agent -> ClusterRegistration​

    Immediately the fleet-agent checks for a fleet-agent-bootstrap secret (which contains the import kubeconfig) and starts registering if present. Then fleet-agent creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret’s name.

    fleet-controller triggers and tries to grant the clusterregistration request to create fleet-agent’s serviceaccount and create the ‘c-*’ registration secret with the clients new kubeconfig. The registration secret name is hash("clientID-clientRandom"). The new kubeconfig uses the "request" account. The request account can access the cluster status, bundledeployments and contents.

    Notes​

    • The registration starts with the "import" account and pivots to the "request" account.
    • The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace.
    • Once the agent is registered, fleet-controller will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart.
    • If no bootstrap secret exists, the agent will not re-register.

    Diagram​

    Process​

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. -It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Secrets​

    This diagram shows the resources created during registration and focuses on the k8s API server configuration.

    Registration Secrets

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Secrets​

    This diagram shows the resources created during registration and focuses on the k8s API server configuration.

    Registration Secrets

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/ref-resources.html b/0.8/ref-resources.html index 0ff727d67..660783eb9 100644 --- a/0.8/ref-resources.html +++ b/0.8/ref-resources.html @@ -4,13 +4,13 @@ List of Deployed Resources | Fleet - - + +
    -
    Version: 0.8

    List of Deployed Resources

    After installing Fleet in Rancher these resources are created in the upstream cluster.

    TypeNameNamespace
    From Helm, intial setup:
    ClusterRolefleet-controller-
    ClusterRolegitjob-
    ClusterRoleBindingfleet-controller-
    ClusterRoleBindinggitjob-binding-
    ConfigMapfleet-controllercattle-fleet-system
    Deploymentfleet-controllercattle-fleet-system
    Deploymentgitjobcattle-fleet-system
    Rolefleet-controllercattle-fleet-system
    Rolegitjobcattle-fleet-system
    RoleBindingfleet-controllercattle-fleet-system
    RoleBindinggitjobcattle-fleet-system
    Servicegitjobcattle-fleet-system
    ServiceAccountfleet-controllercattle-fleet-system
    ServiceAccountgitjobcattle-fleet-system
    Generated:
    clusters.fleet.cattle.iolocalfleet-local
    clusters.provisioning.cattle.iolocalfleet-local
    clusters.management.cattle.iolocal-
    ClusterGroupdefaultfleet-local
    Bundlefleet-agent-localfleet-local
    For each registered cluster:
    clusters.provisioning.cattle.ioby default fleet-default
    clusters.management.cattle.iogenerated-
    clusters.fleet.cattle.iofleet-default
    Bundlefleet-default
    BundleDeploymentcluster-fleet-local-local-IDfleet-agent-local

    Also see [namespaces]

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Version: 0.8

    List of Deployed Resources

    After installing Fleet in Rancher these resources are created in the upstream cluster.

    TypeNameNamespace
    From Helm, intial setup:
    ClusterRolefleet-controller-
    ClusterRolegitjob-
    ClusterRoleBindingfleet-controller-
    ClusterRoleBindinggitjob-binding-
    ConfigMapfleet-controllercattle-fleet-system
    Deploymentfleet-controllercattle-fleet-system
    Deploymentgitjobcattle-fleet-system
    Rolefleet-controllercattle-fleet-system
    Rolegitjobcattle-fleet-system
    RoleBindingfleet-controllercattle-fleet-system
    RoleBindinggitjobcattle-fleet-system
    Servicegitjobcattle-fleet-system
    ServiceAccountfleet-controllercattle-fleet-system
    ServiceAccountgitjobcattle-fleet-system
    Generated:
    clusters.fleet.cattle.iolocalfleet-local
    clusters.provisioning.cattle.iolocalfleet-local
    clusters.management.cattle.iolocal-
    ClusterGroupdefaultfleet-local
    Bundlefleet-agent-localfleet-local
    For each registered cluster:
    clusters.provisioning.cattle.ioby default fleet-default
    clusters.management.cattle.iogenerated-
    clusters.fleet.cattle.iofleet-default
    Bundlefleet-default
    BundleDeploymentcluster-fleet-local-local-IDfleet-agent-local

    Also see [namespaces]

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/resources-during-deployment.html b/0.8/resources-during-deployment.html index 4c3b9a7dd..13d1284cd 100644 --- a/0.8/resources-during-deployment.html +++ b/0.8/resources-during-deployment.html @@ -4,13 +4,13 @@ Custom Resources During Deployment | Fleet - - + +
    -
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/troubleshooting.html b/0.8/troubleshooting.html index c864e910a..371aff26d 100644 --- a/0.8/troubleshooting.html +++ b/0.8/troubleshooting.html @@ -4,16 +4,16 @@ Troubleshooting | Fleet - - + +
    -
    Version: 0.8

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Fetch detailed status from GitRepos and Bundles?​

    For debugging and bug reports the raw JSON of the resources status fields is most useful. +

    Version: 0.8

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Fetch detailed status from GitRepos and Bundles?​

    For debugging and bug reports the raw JSON of the resources status fields is most useful. This can be accessed in the Rancher UI, or through kubectl:

    kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}
    kubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name>
    helm:
      releaseName: <release name>
      repo: <repo name>
      chart: <chart name>
    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. -It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/tut-deployment.html b/0.8/tut-deployment.html index 4d49112e5..ac73c5c71 100644 --- a/0.8/tut-deployment.html +++ b/0.8/tut-deployment.html @@ -4,17 +4,17 @@ Creating a Deployment | Fleet - - + +
    -
    Version: 0.8

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. +

    Version: 0.8

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +The application will be customized as follows per environment:

    • Dev clusters: Only the redis leader is deployed and not the followers.
    • Test clusters: Scale the front deployment to 3
    • Prod clusters: Scale the front deployment to 3 and set the service type to LoadBalancer

    The fleet.yaml is used to control which 'yaml' overlays are used, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-manifest-example
    targetCustomizations:
    - name: dev
      clusterSelector:
        matchLabels:
          env: dev
      yaml:
        overlays:
        # Refers to overlays/noreplication folder
        - noreplication

    - name: test
      clusterSelector:
        matchLabels:
          env: test
      yaml:
        overlays:
        # Refers to overlays/scale3 folder
        - scale3

    - name: prod
      clusterSelector:
        matchLabels:
          env: prod
      yaml:
        # Refers to overlays/servicelb, scale3 folders
        overlays:
        - servicelb
        - scale3

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: manifests
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/manifests
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod
    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/uninstall.html b/0.8/uninstall.html index e05c5a910..5b722a33f 100644 --- a/0.8/uninstall.html +++ b/0.8/uninstall.html @@ -4,15 +4,15 @@ Uninstall | Fleet - - + +
    -
    Version: 0.8

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +

    Version: 0.8

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by uninstalling the appropriate Helm charts. To uninstall Fleet run the following -two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.8/webhook.html b/0.8/webhook.html index ef1e4d118..184862ce9 100644 --- a/0.8/webhook.html +++ b/0.8/webhook.html @@ -4,15 +4,15 @@ Using Webhooks Instead of Polling | Fleet - - + +
    -
    Version: 0.8

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).

    For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling.

    Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. +

    Version: 0.8

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).

    For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling.

    Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the -secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/0.9.html b/0.9.html new file mode 100644 index 000000000..b0d156879 --- /dev/null +++ b/0.9.html @@ -0,0 +1,16 @@ + + + + + +Overview | Fleet + + + + +
    +
    Version: 0.9

    Overview

    What is Fleet?​

    • Cluster engine: Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through GitOps. Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.

    • Deployment management: Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters.

    Configuration Management​

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/architecture.html b/0.9/architecture.html new file mode 100644 index 000000000..8f2e9aa28 --- /dev/null +++ b/0.9/architecture.html @@ -0,0 +1,35 @@ + + + + + +Architecture | Fleet + + + + +
    +
    Version: 0.9

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +components work in a two-stage pull model. The Fleet manager will pull from git and the +cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes +cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no +custom API for the fleet controller.

    Cluster Agents​

    One cluster agent runs in each cluster and is responsible for talking to the Fleet manager. +The only communication from cluster to Fleet manager is by this agent and all communication +goes from the managed cluster to the Fleet manager. The fleet manager does not initiate +connections to downstream clusters. This means managed clusters can run in private networks and behind +NATs. The only requirement is the cluster agent needs to be able to communicate with the +Kubernetes API of the cluster running the Fleet manager. The one exception to this is if you use +the manager initiated cluster registration flow. This is not required, but +an optional pattern.

    The cluster agents are not assumed to have an "always on" connection. They will resume operation as +soon as they can connect. Future enhancements will probably add the ability to schedule times of when +the agent checks in, as it stands right now they will always attempt to connect.

    Security​

    The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the +tokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens. +The cluster registration token is used only during the registration process to generate a credential specific +to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration +token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created +specifically for that cluster. It can also update the status subresource of BundleDeployment and the status +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/bundle-add.html b/0.9/bundle-add.html new file mode 100644 index 000000000..c363886c2 --- /dev/null +++ b/0.9/bundle-add.html @@ -0,0 +1,22 @@ + + + + + +Create a Bundle Resource | Fleet + + + + +
    +
    Version: 0.9

    Create a Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created +manually by the user. If you want to deploy resources from a git repository use a +GitRepo instead.

    If you want to deploy resources without a git repository follow this guide to create a Bundle.

    When creating a GitRepo Fleet will fetch the resources from a git repository, and add them to a Bundle. +When creating a Bundle resources need to be explicitly specified in the Bundle Spec. +Resources can be compressed with gz. See here +an example of how Rancher uses compression in go code.

    If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in GitRepo. +See Mapping to Downstream Clusters.

    The following example creates a nginx Deployment in the local cluster:

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      resources:
      # List of all resources that will be deployed
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml
      targets:
      - clusterName: local

    Limitations​

    Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:

    • spec.helm.repo
    • spec.helm.charts

    You can't use a fleet.yaml in resources, it is only used by the fleet-cli to create bundles.

    The spec.targetRestrictions field is not useful, as it is an allow list for targets specified in spec.targets. It is not needed, since targets are explicitly given in a bundle and an empty targetRestrictions defaults to allow.

    Convert a Helm Chart into a Bundle​

    You can use the Fleet CLI to convert a Helm chart into a bundle.

    For example, you can download and convert the "external secrets" operator chart like this:

    cat > targets.yaml <<EOF
    targets:
    - clusterSelector: {}
    EOF

    mkdir app
    cat > app/fleet.yaml <<EOF
    defaultNamespace: external-secrets
    helm:
      repo: https://charts.external-secrets.io
      chart: external-secrets
    EOF

    fleet apply --compress --targets-file=targets.yaml -n fleet-default -o - external-secrets app > eso-bundle.yaml

    kubectl apply -f eso-bundle.yaml

    Make sure you use a cluster selector in targets.yaml, that matches all clusters you want to deploy to.

    The blog post on Fleet: Multi-Cluster Deployment with the Help of External Secrets has more information.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/bundle-diffs.html b/0.9/bundle-diffs.html new file mode 100644 index 000000000..bbf43ed53 --- /dev/null +++ b/0.9/bundle-diffs.html @@ -0,0 +1,17 @@ + + + + + +Generating Diffs to Ignore Modified GitRepos | Fleet + + + + +
    +
    Version: 0.9

    Generating Diffs to Ignore Modified GitRepos

    Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.

    You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the Bundles section.

    The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the caBundle is empty and the CA cert is injected by the cluster.

    This leads the status of the bundle and associated GitRepo to be reported as "Modified"

    Associated Bundle +

    Fleet bundles support the ability to specify a custom jsonPointer patch.

    With the patch, users can instruct fleet to ignore object modifications.

    Simple Example​

    In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto.

    https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs

    Gatekeeper Example​

    In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters.

    The opa-gatekeeper bundle associated with the opa GitRepo is in modified state.

    Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status.

    In our case the differences detected are as follows:

      summary:
        desiredReady: 1
        modified: 1
        nonReadyResources:
        - bundleState: Modified
          modifiedStatus:
          - apiVersion: admissionregistration.k8s.io/v1
            kind: ValidatingWebhookConfiguration
            name: gatekeeper-validating-webhook-configuration
            patch: '{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-audit
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'
          - apiVersion: apps/v1
            kind: Deployment
            name: gatekeeper-controller-manager
            namespace: cattle-gatekeeper-system
            patch: '{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}'

    Based on this summary, there are three objects which need to be patched.

    We will look at these one at a time.

    1. ValidatingWebhookConfiguration:​

    The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec.

    In cases where more than one element in the field requires a patch, that patch will refer these to as $setElementOrder/ELEMENTNAME

    From this information, we can see the two ValidatingWebhooks in question are:

      "$setElementOrder/webhooks": [
        {
          "name": "validation.gatekeeper.sh"
        },
        {
          "name": "check-ignore-label.gatekeeper.sh"
        }
      ],

    Within each ValidatingWebhook, the fields that need to be ignore are as follows:

        {
          "clientConfig": {
            "caBundle": "Cg=="
          },
          "name": "validation.gatekeeper.sh",
          "rules": [
            {
              "apiGroups": [
                "*"
              ],
              "apiVersions": [
                "*"
              ],
              "operations": [
                "CREATE",
                "UPDATE"
              ],
              "resources": [
                "*"
              ]
            }
          ]
        },

    and

        {
         "clientConfig": {
           "caBundle": "Cg=="
         },
         "name": "check-ignore-label.gatekeeper.sh",
         "rules": [
           {
             "apiGroups": [
               ""
             ],
             "apiVersions": [
               "*"
             ],
             "operations": [
               "CREATE",
               "UPDATE"
             ],
             "resources": [
               "namespaces"
             ]
           }
         ]
       }

    In summary, we need to ignore the fields rules and clientConfig.caBundle in our patch specification.

    The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values.

    Based on this information, our diff patch would look as follows:

      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    2. Deployment gatekeeper-controller-manager:​

    The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle).

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    3. Deployment gatekeeper-audit:​

    The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied.

    {
      "spec": {
        "template": {
          "spec": {
            "$setElementOrder/containers": [
              {
                "name": "manager"
              }
            ],
            "containers": [
              {
                "name": "manager",
                "resources": {
                  "limits": {
                    "cpu": "1000m"
                  }
                }
              }
            ],
            "tolerations": []
          }
        }
      }
    }

    Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added.

    Based on this information, our diff patch would look as follows:

      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}

    Combining It All Together​

    We can now combine all these patches as follows:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-audit
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: apps/v1
        kind: Deployment
        name: gatekeeper-controller-manager
        namespace: cattle-gatekeeper-system
        operations:
        - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}
        - {"op": "remove", "path": "/spec/template/spec/tolerations"}
      - apiVersion: admissionregistration.k8s.io/v1
        kind: ValidatingWebhookConfiguration
        name: gatekeeper-validating-webhook-configuration
        operations:
        - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/0/rules"}
        - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}
        - {"op": "remove", "path":"/webhooks/1/rules"}

    We can add these now to the bundle directly to test and also commit the same to the fleet.yaml in your GitRepo.

    Once these are added, the GitRepo should deploy and be in "Active" status.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-agent.html b/0.9/cli/fleet-agent.html new file mode 100644 index 000000000..e7c67a1a7 --- /dev/null +++ b/0.9/cli/fleet-agent.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet-agent​

    fleet-agent [flags]

    Options​

          --agent-scope string        An identifier used to scope the agent bundleID names, typically the same as namespace
          --checkin-interval string   How often to post cluster status
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet-agent
          --kubeconfig string         kubeconfig file
          --namespace string          namespace to watch
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-cli/fleet.html b/0.9/cli/fleet-cli/fleet.html new file mode 100644 index 000000000..0214e271c --- /dev/null +++ b/0.9/cli/fleet-cli/fleet.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet​

    fleet [flags]

    Options​

          --context string            kubeconfig context for authentication
          --debug                     Turn on debug logging
          --debug-level int           If debugging is enabled, set klog -v=X
      -h, --help                      help for fleet
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    • fleet apply - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager
    • fleet cleanup - Clean up outdated cluster registrations
    • fleet test - Match a bundle to a target and render the output
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-cli/fleet_apply.html b/0.9/cli/fleet-cli/fleet_apply.html new file mode 100644 index 000000000..a8c72510b --- /dev/null +++ b/0.9/cli/fleet-cli/fleet_apply.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet apply​

    Render a bundle into a Kubernetes resource and apply it in the Fleet Manager

    fleet apply [flags] BUNDLE_NAME PATH...

    Options​

      -b, --bundle-file string                     Location of the raw Bundle resource yaml
          --cacerts-file string                    Path of custom cacerts for helm repo
          --commit string                          Commit to assign to the bundle
      -c, --compress                               Force all resources to be compress
          --correct-drift                          Rollback any change made from outside of Fleet
          --correct-drift-force                    Use --force when correcting drift. Resources can be deleted and recreated
          --correct-drift-keep-fail-history        Keep helm history for failed rollbacks
          --debug                                  Turn on debug logging
          --debug-level int                        If debugging is enabled, set klog -v=X
      -f, --file string                            Location of the fleet.yaml
          --helm-credentials-by-path-file string   Path of file containing helm credentials for paths
          --helm-repo-url-regex string             Helm credentials will be used if the helm repo matches this regex. Credentials will always be used if this is empty or not provided
      -h, --help                                   help for apply
          --keep-resources                         Keep resources created after the GitRepo or Bundle is deleted
      -l, --label strings                          Labels to apply to created bundles
      -o, --output string                          Output contents to file or - for stdout
          --password-file string                   Path of file containing basic auth password for helm repo
          --paused                                 Create bundles in a paused state
      -a, --service-account string                 Service account to assign to bundle created
          --ssh-privatekey-file string             Path of ssh-private-key for helm repo
          --sync-generation int                    Generation number used to force sync the deployment
          --target-namespace string                Ensure this bundle goes to this target namespace
          --targets-file string                    Addition source of targets and restrictions to be append
          --username string                        Basic auth username for helm repo

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-cli/fleet_cleanup.html b/0.9/cli/fleet-cli/fleet_cleanup.html new file mode 100644 index 000000000..8281aa523 --- /dev/null +++ b/0.9/cli/fleet-cli/fleet_cleanup.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet cleanup​

    Clean up outdated cluster registrations

    fleet cleanup [flags]

    Options​

          --debug             Turn on debug logging
          --debug-level int   If debugging is enabled, set klog -v=X
          --factor string     Factor to increase delay between deletes (default: 1.1)
      -h, --help              help for cleanup
          --max string        Maximum delay between deletes (default: 5s)
          --min string        Minimum delay between deletes (default: 10ms)

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-cli/fleet_test.html b/0.9/cli/fleet-cli/fleet_test.html new file mode 100644 index 000000000..0d3b42485 --- /dev/null +++ b/0.9/cli/fleet-cli/fleet_test.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet test​

    Match a bundle to a target and render the output

    fleet test [flags]

    Options​

      -b, --bundle-file string    Location of the raw Bundle resource yaml
          --debug                 Turn on debug logging
          --debug-level int       If debugging is enabled, set klog -v=X
      -f, --file string           Location of the fleet.yaml
      -g, --group string          Cluster group to match against
      -L, --group-label strings   Cluster group labels to match against
      -h, --help                  help for test
      -l, --label strings         Cluster labels to match against
      -N, --name string           Cluster name to match against
      -q, --quiet                 Just print the match and don't print the resources
      -t, --target string         Explicit target to match

    Options inherited from parent commands​

          --context string            kubeconfig context for authentication
      -k, --kubeconfig string         kubeconfig for authentication
      -n, --namespace string          namespace (default "fleet-local")
          --system-namespace string   System namespace of the controller (default "cattle-fleet-system")

    SEE ALSO​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cli/fleet-controller/fleet-manager.html b/0.9/cli/fleet-controller/fleet-manager.html new file mode 100644 index 000000000..741e2864f --- /dev/null +++ b/0.9/cli/fleet-controller/fleet-manager.html @@ -0,0 +1,16 @@ + + + + + +Fleet + + + + +
    +
    Version: 0.9

    fleet-manager​

    fleet-manager [flags]

    Options​

          --debug               Turn on debug logging
          --debug-level int     If debugging is enabled, set klog -v=X
          --disable-bootstrap   disable local cluster components
          --disable-gitops      disable gitops components
      -h, --help                help for fleet-manager
          --kubeconfig string   Kubeconfig file
          --namespace string    namespace to watch (default "cattle-fleet-system")
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cluster-bundles-state.html b/0.9/cluster-bundles-state.html new file mode 100644 index 000000000..b6123b243 --- /dev/null +++ b/0.9/cluster-bundles-state.html @@ -0,0 +1,16 @@ + + + + + +Cluster and Bundle State | Fleet + + + + +
    +
    Version: 0.9

    Cluster and Bundle State

    Clusters and Bundles have different states in each phase of applying Bundles.

    Bundles​

    Ready: Bundles have been deployed and all resources are ready.

    NotReady: Bundles have been deployed and some resources are not ready.

    WaitApplied: Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.

    ErrApplied: Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle.

    OutOfSync: Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet.

    Pending: Bundles are being processed by Fleet controller.

    Modified: Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository.

    Clusters​

    WaitCheckIn: Waiting for agent to report registration information and cluster status back.

    NotReady: There are bundles in this cluster that are in NotReady state.

    WaitApplied: There are bundles in this cluster that are in WaitApplied state.

    ErrApplied: There are bundles in this cluster that are in ErrApplied state.

    OutOfSync: There are bundles in this cluster that are in OutOfSync state.

    Pending: There are bundles in this cluster that are in Pending state.

    Modified: There are bundles in this cluster that are in Modified state.

    Ready: Bundles in this cluster have been deployed and all resources are ready.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cluster-group.html b/0.9/cluster-group.html new file mode 100644 index 000000000..f14653dcd --- /dev/null +++ b/0.9/cluster-group.html @@ -0,0 +1,20 @@ + + + + + +Create Cluster Groups | Fleet + + + + +
    +
    Version: 0.9

    Create Cluster Groups

    Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector. +The only parameter for a cluster group is essentially the selector. +When you get to a certain scale cluster groups become a more reasonable way to manage your clusters. +Cluster groups serve the purpose of giving aggregated +status of the deployments and then also a simpler way to manage targets.

    A cluster group is created by creating a ClusterGroup resource like below

    kind: ClusterGroup
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: production-group
      namespace: clusters
    spec:
      # This is the standard metav1.LabelSelector format to match clusters by labels
      selector:
        matchLabels:
          env: prod
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/cluster-registration.html b/0.9/cluster-registration.html new file mode 100644 index 000000000..450795625 --- /dev/null +++ b/0.9/cluster-registration.html @@ -0,0 +1,82 @@ + + + + + +Register Downstream Clusters | Fleet + + + + +
    +
    Version: 0.9

    Register Downstream Clusters

    Overview​

    There are two specific styles to registering clusters. These styles will be referred +to as agent-initiated and manager-initiated registration. Typically one would +go with the agent-initiated registration but there are specific use cases in which +manager-initiated is a better workflow.

    Agent-Initiated Registration​

    Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a +cluster registration token and optionally a client ID. The cluster +agent will then make a API request to the Fleet manager and initiate the registration process. Using +this process the Manager will never make an outbound API request to the downstream clusters and will thus +never need to have direct network access. The downstream cluster only needs to make outbound HTTPS +calls to the manager.

    Manager-Initiated Registration​

    Manager-initiated registration is a process in which you register an existing Kubernetes cluster +with the Fleet manager and the Fleet manager will make an API call to the downstream cluster to +deploy the agent. This style can place additional network access requirements because the Fleet +manager must be able to communicate with the downstream cluster API server for the registration process. +After the cluster is registered there is no further need for the manager to contact the downstream +cluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes +clusters through GitOps using something like cluster-api +or Rancher.

    Agent Initiated​

    A downstream cluster is registered by installing an agent via helm and using the cluster registration token and optionally a client ID or cluster labels.

    info

    It's not necessary to configure the fleet manager for multi cluster, as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly.

    Agent-initiated registration is normally not used with Rancher.

    Cluster Registration Token and Client ID​

    The cluster registration token is a credential that will authorize the downstream cluster agent to be +able to initiate the registration process. This is required. +The cluster registration token is manifested as a values.yaml file that will be passed to the helm install process. +Alternatively one can pass the token directly to the helm install command via --set token="$token".

    There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which +case you will probably want to specify cluster labels upon registration. Or you can have the agent register to a predefined +cluster in the Fleet manager, in which case you will need a client ID. The former approach is typically the easiest.

    Install Agent For a New Cluster​

    The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters.

    First, follow the cluster registration token instructions to obtain the values.yaml which contains +the registration token to authenticate against the Fleet cluster.

    Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After +registration is completed an agent cannot change the labels of the cluster. To add cluster labels add +--set-string labels.KEY=VALUE to the below Helm command. To add the labels foo=bar and bar=baz then you would +add --set-string labels.foo=bar --set-string labels.bar=baz to the command line.

    # Leave blank if you do not want any labels
    CLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"

    Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting.

    API_SERVER_URL=https://...
    API_SERVER_CA_DATA=...

    Value in API_SERVER_CA_DATA can be obtained from a .kube/config file with valid data to connect to the upstream cluster +(under the certificate-authority-data key). Alternatively it can be obtained from within the upstream cluster itself, +by looking up the default ServiceAccount secret name (typically prefixed with default-token-, in the default namespace), +under the ca.crt key.

    caution

    Use proper namespace and release name: +For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    Kubectl Context

    Ensure you are installing to the right cluster: +Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context +to change which cluster Helm is installing to.

    Fleet in Rancher

    Rancher has separate helm charts for Fleet and uses a different repository.

    Add Fleet's Helm repo.

    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        $CLUSTER_LABELS \
        --values values.yaml \
        --set apiServerCA="$API_SERVER_CA_DATA" \
        --set apiServerURL="$API_SERVER_URL" \
        fleet-agent fleet/fleet-agent
    The agent should now be deployed.

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    cluster-ab13e54400f1   1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z

    Install Agent For a Predefined Cluster​

    Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them. +A client ID is not required and is just one approach to managing clusters. +The client ID is a unique string that will identify the cluster. +This string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value +as then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the kube-system namespace +resource will be used as the client ID. Upon registration if the client ID is found on a Cluster resource in the Fleet manager it will associate +the agent with that Cluster. If no Cluster resource is found with that client ID a new Cluster resource will be created with the specific +client ID.

    The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which +is represented by the values.yaml file and the client ID. The client ID is optional.

    First, create a Cluster in the Fleet Manager with the random client ID you have chosen.

    kind: Cluster
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-cluster
      namespace: clusters
    spec:
      clientID: "really-random"

    Second, follow the [cluster registration token instructions]((#create-cluster-registration-tokens) to obtain the values.yaml file to be used.

    Third, setup your environment to use the client ID.

    CLUSTER_CLIENT_ID="really-random"
    note

    Use proper namespace and release name: +For the agent chart the namespace must be cattle-fleet-system and the release name fleet-agent

    note

    Ensure you are installing to the right cluster: +Helm will use the default context in ${HOME}/.kube/config to deploy the agent. Use --kubeconfig and --kube-context +to change which cluster Helm is installing to.

    Add Fleet's Helm repo.

    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Finally, install the agent using Helm.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set clientID="$CLUSTER_CLIENT_ID" \
        --values values.yaml \
        fleet-agent fleet/fleet-agent
    The agent should now be deployed.

    Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster +was registered in the clusters namespace. Please ensure your ${HOME}/.kube/config is pointed to the Fleet +manager to run this command.

    kubectl -n clusters get clusters.fleet.cattle.io
    NAME                   BUNDLES-READY   NODES-READY   SAMPLE-NODE             LAST-SEEN              STATUS
    my-cluster             1/1             1/1           k3d-cluster2-server-0   2020-08-31T19:23:10Z

    Create Cluster Registration Tokens​

    info

    Not needed for Manager-initiated registration: +For manager-initiated registrations the token is managed by the Fleet manager and does +not need to be manually created and obtained.

    For an agent-initiated registration the downstream cluster must have a cluster registration token. +Cluster registration tokens are used to establish a new identity for a cluster. Internally +cluster registration tokens are managed by creating Kubernetes service accounts that have the +permissions to create ClusterRegistrationRequests within a specific namespace. Once the +cluster is registered a new ServiceAccount is created for that cluster that is used as +the unique identity of the cluster. The agent is designed to forget the cluster registration +token after registration. While the agent will not maintain a reference to the cluster registration +token after a successful registration please note that usually other system bootstrap scripts do.

    Since the cluster registration token is forgotten, if you need to re-register a cluster you must +give the cluster a new registration token.

    Token TTL​

    Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL +such that it will expire after a specific time.

    Create a new Token​

    The ClusterRegistationToken is a namespaced type and should be created in the same namespace +in which you will create GitRepo and ClusterGroup resources. For in depth details on how namespaces +are used in Fleet refer to the documentation on namespaces. Create a new +token with the below YAML.

    kind: ClusterRegistrationToken
    apiVersion: "fleet.cattle.io/v1alpha1"
    metadata:
        name: new-token
        namespace: clusters
    spec:
        # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.
        ttl: 240h

    After the ClusterRegistrationToken is created, Fleet will create a corresponding Secret with the same name. +As the Secret creation is performed asynchronously, you will need to wait until it's available before using it.

    One way to do so is via the following one-liner:

    while ! kubectl --namespace=clusters  get secret new-token; do sleep 5; done

    Obtaining Token Value (Agent values.yaml)​

    The token value contains YAML content for a values.yaml file that is expected to be passed to helm install +to install the Fleet agent on a downstream cluster.

    Such value is contained in the values field of the Secret mentioned above. To obtain the YAML content for the +above example one can run the following one-liner:

    kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml

    Once the values.yaml is ready it can be used repeatedly by clusters to register until the TTL expires.

    Manager Initiated​

    The manager-initiated registration flow is accomplished by creating a +Cluster resource in the Fleet Manager that refers to a Kubernetes +Secret containing a valid kubeconfig file in the data field called value.

    info

    If you are using Fleet standalone without Rancher, it must be installed as described in installation details.

    The manager-initiated registration is used when you add a cluster from the Rancher dashboard.

    Create Kubeconfig Secret​

    The format of this secret is intended to match the format of the kubeconfig +secret used in cluster-api. +This means you can use cluster-api to create a cluster that is dynamically registered with Fleet.

    Kubeconfig Secret Example
    kind: Secret
    apiVersion: v1
    metadata:
      name: my-cluster-kubeconfig
      namespace: clusters
    data:
      value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==

    Create Cluster Resource​

    The cluster resource needs to reference the kubeconfig secret.

    Cluster Resource Example
    apiVersion: fleet.cattle.io/v1alpha1
    kind: Cluster
    metadata:
      name: my-cluster
      namespace: clusters
      labels:
        demo: "true"
        env: dev
    spec:
      kubeConfigSecret: my-cluster-kubeconfig
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/concepts.html b/0.9/concepts.html new file mode 100644 index 000000000..df5866a48 --- /dev/null +++ b/0.9/concepts.html @@ -0,0 +1,31 @@ + + + + + +Core Concepts | Fleet + + + + +
    +
    Version: 0.9

    Core Concepts

    Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers +to manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters.

    info

    For more on the naming conventions of CRDs, click here.

    Below are some of the concepts of Fleet that will be useful throughout this documentation:

    • Fleet Manager: The centralized component that orchestrates the deployments of Kubernetes assets +from git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a +single cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps.
    • Fleet controller: The controller(s) running on the Fleet manager orchestrating GitOps. In practice, +the Fleet manager and Fleet controllers are used fairly interchangeably.
    • Single Cluster Style: This is a style of installing Fleet in which the manager and downstream cluster are the +same cluster. This is a very simple pattern to quickly get up and running with GitOps.
    • Multi Cluster Style: This is a style of running Fleet in which you have a central manager that manages a large +number of downstream clusters.
    • Fleet agent: Every managed downstream cluster will run an agent that communicates back to the Fleet manager. +This agent is just another set of Kubernetes controllers running in the downstream cluster.
    • GitRepo: Git repositories that are watched by Fleet are represented by the type GitRepo.

    Example installation order via GitRepo custom resources when using Fleet for the configuration management of downstream clusters:

    1. Install Calico CRDs and controllers.
    2. Set one or multiple cluster-level global network policies.
    3. Install GateKeeper. Note that cluster labels and overlays are critical features in Fleet as they determine which clusters will get each part of the bundle.
    4. Set up and configure ingress and system daemons.

    • Bundle: An internal unit used for the orchestration of resources from git. +When a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of +resources that get deployed to a cluster. Bundle is the fundamental deployment unit used in Fleet. The +contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. +Regardless of the source the contents are dynamically rendered into a Helm chart by the agent +and installed into the downstream cluster as a helm release.

      • To see the life cycle of a bundle, click here.

    • BundleDeployment: When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. +A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster specific +customizations. The Fleet agent is only aware of BundleDeployment resources that are created for +the cluster the agent is managing.

      • For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click here.

    • Downstream Cluster: Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    • Cluster Registration Token: Tokens used by agents to register a new cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/gitrepo-add.html b/0.9/gitrepo-add.html new file mode 100644 index 000000000..4712d8d7d --- /dev/null +++ b/0.9/gitrepo-add.html @@ -0,0 +1,22 @@ + + + + + +Create a GitRepo Resource | Fleet + + + + +
    +
    Version: 0.9

    Create a GitRepo Resource

    Create GitRepo Instance​

    Git repositories are registered by creating a GitRepo resource in Kubernetes. Refer +to the creating a deployment tutorial for examples.

    Git Repository Contents has detail about the content of the Git repository.

    The available fields of the GitRepo custom resource are documented in the GitRepo resource reference

    Proper Namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Adding Private Git Repository​

    Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace.

    For example, to generate a private ssh key

    ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

    Note: The private key format has to be in EC PRIVATE KEY, RSA PRIVATE KEY or PRIVATE KEY and should not contain a passphase.

    Put your private key into secret, use the namespace the GitRepo is in:

    kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth
    caution

    Private key with passphrase is not supported.

    caution

    The key has to be in PEM format.

    Fleet supports putting known_hosts into ssh secret. Here is an example of how to add it:

    Fetch the public key hash(take github as an example)

    ssh-keyscan -H github.com

    And add it into secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: ssh-key
    type: kubernetes.io/ssh-auth
    stringData:
      ssh-privatekey: <private-key>
      known_hosts: |-
        |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
    danger

    If you don't add it any server's public key will be trusted and added. (ssh -o stricthostkeychecking=accept-new will be used)

    info

    If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.

    Using HTTP Auth​

    Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see HTTP secrets in Github.

    kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat

    Just like with SSH, reference the secret in your GitRepo resource via clientSecretName.

    spec:
      repo: https://github.com/fleetrepoci/gitjob-private.git
      branch: main
      clientSecretName: basic-auth-secret

    Using Private Helm Repositories​

    danger

    The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource. +Make sure you don't leak credentials by mixing public and private repositories. Use different helm credentials for each path, +or split them into different gitrepos, or use helmRepoURLRegex to limit the scope of credentials to certain servers.

    For a private Helm repo, users can reference a secret with the following keys:

    1. username and password for basic http auth if the Helm HTTP repo is behind basic auth.

    2. cacerts for custom CA bundle if the Helm repo is using a custom CA.

    3. ssh-privatekey for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently.

    For example, to add a secret in kubectl, run

    kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem

    After secret is created, specify the secret to gitRepo.spec.helmSecretName. Make sure secret is created under the same namespace with gitrepo.

    Use different helm credentials for each path​

    info

    gitRepo.spec.helmSecretName will be ignored if gitRepo.spec.helmSecretNameForPaths is provided

    Create a file secrets-path.yaml that contains credentials for each path defined in a GitRepo. Credentials will not be used +for paths that are not present in this file. +The path is the actual path to the bundle (ie to a folder containing a fleet.yaml file) within the git repository, which might have more segments than the entry under paths:.

    Example:

    path-one: # path path-one must exist in the repository
      username: user
      password: pass
    path-two:  # path path-one must exist in the repository
      username: user2
      password: pass2
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
      sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K

    Create the secret

    kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml

    In the previous example credentials for username user will be used for the path path-one and credentials for username +user2 will be used for the path path-two.

    caBundle and sshPrivateKey must be base64 encoded.

    note

    If you are using "rancher-backups" and want this secret to be included the backup, please add the label resources.cattle.io/backup: true to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials.

    Troubleshooting

    See Fleet Troubleshooting section here.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/gitrepo-content.html b/0.9/gitrepo-content.html new file mode 100644 index 000000000..560f37d0c --- /dev/null +++ b/0.9/gitrepo-content.html @@ -0,0 +1,58 @@ + + + + + +Git Repository Contents | Fleet + + + + +
    +
    Version: 0.9

    Git Repository Contents

    Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.

    Each bundle is created from paths in a GitRepo and modified further by reading the discovered fleet.yaml file. +Bundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not +specified within fleet.yaml it is generated from GitRepo.name + path. Long names are truncated and a -<hash> prefix is added.

    The git repository has no explicitly required structure. It is important +to realize the scanned resources will be saved as a resource in Kubernetes so +you want to make sure the directories you are scanning in git do not contain +arbitrarily large resources. Right now there is a limitation that the resources +deployed must gzip to less than 1MB.

    How repos are scanned​

    Multiple paths can be defined for a GitRepo and each path is scanned independently. +Internally each scanned path will become a bundle that Fleet will manage, +deploy, and monitor independently.

    The following files are looked for to determine the how the resources will be deployed.

    FileLocationMeaning
    Chart.yaml:/ relative to path or custom path from fleet.yamlThe resources will be deployed as a Helm chart. Refer to the fleet.yaml for more options.
    kustomization.yaml:/ relative to path or custom path from fleet.yamlThe resources will be deployed using Kustomize. Refer to the fleet.yaml for more options.
    fleet.yamlAny subpathIf any fleet.yaml is found a new bundle will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo
    *.yaml Any subpathIf a Chart.yaml or kustomization.yaml is not found then any .yaml or .yml file will be assumed to be a Kubernetes resource and will be deployed.
    overlays/{name}/ relative to pathWhen deploying using raw YAML (not Kustomize or Helm) overlays is a special directory for customizations.

    Excluding files and directories from bundles​

    Fleet supports file and directory exclusion by means of .fleetignore files, in a similar fashion to how .gitignore +files behave in git repositories:

    • Glob syntax is used to match files or directories, using Golang's +filepath.Match
    • Empty lines are skipped, and can therefore be used to improve readability
    • Characters like white spaces and # can be escaped with a backslash
    • Trailing spaces are ignored, unless escaped
    • Comments, ie lines starting with unescaped #, are skipped
    • A given line can match a file or a directory, even if no separator is provided: eg. subdir/* and subdir are both +valid .fleetignore lines, and subdir matches both files and directories called subdir
    • A match may be found for a file or directory at any level below the directory where a .fleetignore lives, ie +foo.yaml will match ./foo.yaml as well as ./path/to/foo.yaml
    • Multiple .fleetignore files are supported. For instance, in the following directory structure, only +root/something.yaml, bar/something2.yaml and foo/something.yaml will end up in a bundle:
    root/
    ├── .fleetignore            # contains `ignore-always.yaml'
    ├── something.yaml
    ├── bar
    │   ├── .fleetignore        # contains `something.yaml`
    │   ├── ignore-always.yaml
    │   ├── something2.yaml
    │   └── something.yaml
    └── foo
        ├── ignore-always.yaml
        └── something.yaml

    This currently comes with a few limitations, the following not being supported:

    • Double asterisks (**)
    • Explicit inclusions with !

    fleet.yaml​

    The fleet.yaml is an optional file that can be included in the git repository to change the behavior of how +the resources are deployed and customized. The fleet.yaml is always at the root relative to the path of the GitRepo +and if a subdirectory is found with a fleet.yaml a new bundle is defined that will then be +configured differently from the parent bundle.

    caution

    Helm chart dependencies: +It is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run helm dependencies update $chart OR run helm dependencies build $chart prior to install. See the Fleet docs in Rancher for more information.

    The available fields are documented in the fleet.yaml reference

    For a private Helm repo, users can reference a secret from the git repo resource. +See Using Private Helm Repositories for more information.

    Using Helm Values​

    How changes are applied to values.yaml:

    • Note that the most recently applied changes to the values.yaml will override any previously existing values.

    • When changes are applied to the values.yaml from multiple sources at the same time, the values will update in the following order: helm.values -> helm.valuesFiles -> helm.valuesFrom. That means valuesFrom will take precedence over both, valuesFiles and values.

    Using ValuesFrom​

    These examples showcase the style and format for using valuesFrom. ConfigMaps and Secrets should be created in downstream clusters.

    Example ConfigMap:

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: configmap-values
      namespace: default
    data:
      values.yaml: |-
        replication: true
        replicas: 2
        serviceType: NodePort

    Example Secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: secret-values
      namespace: default
    stringData:
      values.yaml: |-
        replication: true
        replicas: 3
        serviceType: NodePort

    A secret like that, can be created from a YAML file secretdata.yaml by running the following kubectl command: kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml

    The resources can then be referenced from a fleet.yaml:

    helm:
      chart: simple-chart
      valuesFrom:
        - secretKeyRef:
            name: secret-values
            namespace: default
            key: values.yaml
        - configMapKeyRef:
            name: configmap-values
            namespace: default
            key: values.yaml
      values:
        replicas: "4"

    Per Cluster Customization​

    The GitRepo defines which clusters a git repository should be deployed to and the fleet.yaml in the repository +determines how the resources are customized per target.

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets of that +GitRepo. The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster. +If no match is made against the target list on the GitRepo then the resources will not be deployed to that cluster. +Once a target cluster is matched the fleet.yaml from the git repository is then consulted for customizations. The +targetCustomizations in the fleet.yaml will be evaluated one by one and the first match will define how the +resource is to be configured. If no match is made the resources will be deployed with no additional customizations.

    There are three approaches to matching clusters for both GitRepo targets and fleet.yaml targetCustomizations. +One can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so +the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the +default value it is dropped from the criteria. The default value is either null or "". It is important to realize +that the value {} for a selector means "match everything."

    targetCustomizations:
    - name: all
      # Match everything
      clusterSelector: {}
    - name: none
      # Selector ignored
      clusterSelector: null

    When matching a cluster by name, make sure to use the name of the +clusters.fleet.cattle.io resource. The Rancher UI also has a provisioning and +a management cluster resource. Since the management cluster resource is not +namespaced, its name is different and contains a random suffix.

    targetCustomizations:
    - name: prod
      clusterName: fleetname

    See Mapping to Downstream Clusters for more information and a list of supported customizations.

    Raw YAML Resource Customization​

    When using Kustomize or Helm the kustomization.yaml or the helm.values will control how the resource are +customized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can +be used. The overlays/ folder in the git repo is treated specially as folder containing folders that +can be selected to overlay on top per target cluster. The resource overlay content +uses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize +the resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet +the overlay resources will override or patch content with a matching file name.

    # Base files
    deployment.yaml
    svc.yaml

    # Overlay files

    # The following file will be added
    overlays/custom/configmap.yaml
    # The following file will replace svc.yaml
    overlays/custom/svc.yaml
    # The following file will patch deployment.yaml
    overlays/custom/deployment_patch.yaml

    A file named foo will replace a file called foo from the base resources or a previous overlay. In order to patch +the contents of a file the convention of adding _patch. (notice the trailing period) to the filename is used. The string _patch. +will be replaced with . from the file name and that will be used as the target. For example deployment_patch.yaml +will target deployment.yaml. The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch. +Which strategy is used is based on the file content. Even though JSON strategies are used, the files can be written +using YAML syntax.

    Cluster and Bundle State​

    See Cluster and Bundle state.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/gitrepo-targets.html b/0.9/gitrepo-targets.html new file mode 100644 index 000000000..abf09e383 --- /dev/null +++ b/0.9/gitrepo-targets.html @@ -0,0 +1,30 @@ + + + + + +Mapping to Downstream Clusters | Fleet + + + + +
    +
    Version: 0.9

    Mapping to Downstream Clusters

    Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.

    info

    Multi-cluster Only: +This approach only applies if you are running Fleet in a multi-cluster style +If no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.

    When deploying GitRepos to downstream clusters the clusters must be mapped to a target.

    Defining Targets​

    The deployment targets of GitRepo is done using the spec.targets field to +match clusters or cluster groups. The YAML specification is as below.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: myrepo
      namespace: clusters
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - simple

      # Targets are evaluated in order and the first one to match is used. If
      # no targets match then the evaluated cluster will not be deployed to.
      targets:
      # The name of target. This value is largely for display and logging.
      # If not specified a default name of the format "target000" will be used
      - name: prod
        # A selector used to match clusters.  The structure is the standard
        # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
        # clusterSelector will be used only to further refine the selection after
        # clusterGroupSelector and clusterGroup is evaluated.
        clusterSelector:
          matchLabels:
            env: prod
        # A selector used to match cluster groups.
        clusterGroupSelector:
          matchLabels:
            region: us-east
        # A specific clusterGroup by name that will be selected
        clusterGroup: group1
        # A specific cluster by name that will be selected
        clusterName: cluster1

    Target Matching​

    All clusters and cluster groups in the same namespace as the GitRepo will be evaluated against all targets. +If any of the targets match the cluster then the GitRepo will be deployed to the downstream cluster. If +no match is made, then the GitRepo will not be deployed to that cluster.

    There are three approaches to matching clusters. +One can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so +the final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the +default value it is dropped from the criteria. The default value is either null or "". It is important to realize +that the value {} for a selector means "match everything."

    targets:
      # Match everything
      - clusterSelector: {}
      # Selector ignored
      - clusterSelector: null

    You can also match clusters by name:

    targets:
      - clusterName: fleetname

    When using Fleet in Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.

    Default Target​

    If no target is set for the GitRepo then the default targets value is applied. The default targets value is as below.

    targets:
    - name: default
      clusterGroup: default

    This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default +and add clusters to it.

    Customization per Cluster​

    info

    The targets: in the GitRepo resource select clusters to deploy on. The targetCustomizations: in fleet.yaml override Helm values only and do not change targeting.

    To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use multi-cluster/helm/fleet.yaml.

    Situation: User has three clusters with three different labels: env=dev, env=test, and env=prod. User wants to deploy a frontend application with a backend database across these clusters.

    Expected behavior:

    • After deploying to the dev cluster, database replication is not enabled.
    • After deploying to the test cluster, database replication is enabled.
    • After deploying to the prod cluster, database replication is enabled and Load balancer services are exposed.

    Advantage of Fleet:

    Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:

    1. Deploy gitRepo https://github.com/rancher/fleet-examples.git and specify the path multi-cluster/helm.
    2. Under multi-cluster/helm, a Helm chart will deploy the frontend app service and backend database service.
    3. The following rule will be defined in fleet.yaml:
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    Result:

    Fleet will deploy the Helm chart with your customized values.yaml to the different clusters.

    Note: Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.

    Supported Customizations​

    Additional Examples​

    Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations +of the three are in the Fleet Examples repo.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/imagescan.html b/0.9/imagescan.html new file mode 100644 index 000000000..304807cff --- /dev/null +++ b/0.9/imagescan.html @@ -0,0 +1,18 @@ + + + + + +Using Image Scan to Update Container Image References | Fleet + + + + +
    +
    Version: 0.9

    Using Image Scan to Update Container Image References

    Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository, +without the need to manually update your manifests.

    caution

    This feature is considered as experimental feature.

    Go to fleet.yaml and add the following section.

    imageScans:
    # specify the policy to retrieve images, can be semver or alphabetical order
    - policy:
        # if range is specified, it will take the latest image according to semver order in the range
        # for more details on how to use semver, see https://github.com/Masterminds/semver
        semver:
          range: "*"
        # can use ascending or descending order
        alphabetical:
          order: asc

      # specify images to scan
      image: "your.registry.com/repo/image"

      # Specify the tag name, it has to be unique in the same bundle
      tagName: test-scan

      # specify secret to pull image if in private registry
      secretRef:
        name: dockerhub-secret

      # Specify the scan interval
      interval: 5m
    info

    You can create multiple image scans in fleet.yaml.

    Go to your manifest files and update the field that you want to replace. For example:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: redis-slave
    spec:
      selector:
        matchLabels:
          app: redis
          role: slave
          tier: backend
      replicas: 2
      template:
        metadata:
          labels:
            app: redis
            role: slave
            tier: backend
        spec:
          containers:
          - name: slave
            image: <image>:<tag> # {"$imagescan": "test-scan"}
            resources:
              requests:
                cpu: 100m
                memory: 100Mi
            ports:
            - containerPort: 6379
    note

    There are multiple form of tagName you can reference. For example

    {"$imagescan": "test-scan"}: Use full image name(foo/bar:tag)

    {"$imagescan": "test-scan:name"}: Only use image name without tag(foo/bar)

    {"$imagescan": "test-scan:tag"}: Only use image tag

    {"$imagescan": "test-scan:digest"}: Use full image name with digest(foo/bar:tag@sha256...)

    Create a GitRepo that includes your fleet.yaml

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: my-repo
      namespace: fleet-local
    spec:
      # change this to be your own repo
      repo: https://github.com/rancher/fleet-examples
      # define how long it will sync all the images and decide to apply change
      imageScanInterval: 5m
      # user must properly provide a secret that have write access to git repository
      clientSecretName: secret
      # specify the commit pattern
      imageScanCommit:
        authorName: foo
        authorEmail: foo@bar.com
        messageTemplate: "update image"

    Try pushing a new image tag, for example, <image>:<new-tag>. Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml. +Once change is made into git repository, fleet will read through the change and deploy the change into your cluster.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/installation.html b/0.9/installation.html new file mode 100644 index 000000000..3b3461833 --- /dev/null +++ b/0.9/installation.html @@ -0,0 +1,44 @@ + + + + + +Installation Details | Fleet + + + + +
    +
    Version: 0.9

    Installation Details

    The installation is broken up into two different use cases: single and multi-cluster. +The single cluster install is for if you wish to use GitOps to manage a single cluster, +in which case you do not need a centralized manager cluster. In the multi-cluster use case +you will setup a centralized manager cluster to which you can register clusters.

    If you are just learning Fleet the single cluster install is the recommended starting +point. After which you can move from single cluster to multi-cluster setup down the line.

    Single-cluster is the default installation. The same cluster will run both the Fleet +manager and the Fleet agent. The cluster will communicate with Git server to +deploy resources to this local cluster. This is the simplest setup and very +useful for dev/test and small scale setups. This use case is supported as a valid +use case for production.

    Prerequisites​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the official install instructions.

    Default Install​

    Install the following two Helm charts.

    Fleet in Rancher

    Rancher has separate helm charts for Fleet and uses a different repository.

    First add Fleet's Helm repository.

    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Second install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \
        fleet/fleet-crd

    Third install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait fleet \
        fleet/fleet

    You can now register some git repos in the fleet-local namespace to start deploying Kubernetes resources.

    Configuration for Multi-Cluster​

    caution

    Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.

    The multi-cluster install described below is only covered in standalone Fleet, which is untested by Rancher QA.

    info

    The setup is the same as for a single cluster. +After installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager.

    However, to allow for manager-initiated registration of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only agent-initiated registration of downstream clusters is possible.

    API Server URL and CA certificate​

    In order for your Fleet management installation to properly work it is important +the correct API server URL and CA certificates are configured properly. The Fleet agents +will communicate to the Kubernetes API server URL. This means the Kubernetes +API server must be accessible to the downstream clusters. You will also need +to obtain the CA certificate of the API server. The easiest way to obtain this information +is typically from your kubeconfig file ($HOME/.kube/config). The server, +certificate-authority-data, or certificate-authority fields will have these values.

    $HOME/.kube/config
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: LS0tLS1CRUdJTi...
        server: https://example.com:6443

    Extract CA certificate​

    Please note that the certificate-authority-data field is base64 encoded and will need to be +decoded before you save it into a file. This can be done by saving the base64 encoded contents to +a file and then running

    base64 -d encoded-file > ca.pem

    Next, retrieve the CA certificate from your kubeconfig.

    If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.
    kubectl config view -o json --raw  | jq -r '.clusters[].cluster["certificate-authority-data"]' | base64 -d > ca.pem

    Extract API Server​

    If you have a multi-cluster setup, you can use this command:

    # replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG
    API_SERVER_URL=$(kubectl config view -o json --raw  | jq -r '.clusters[] | select(.name=="CLUSTER").cluster["server"]')
    # Leave empty if your API server is signed by a well known CA
    API_SERVER_CA="ca.pem"

    Validate​

    First validate the server URL is correct.

    curl -fLk "$API_SERVER_URL/version"

    The output of this command should be JSON with the version of the Kubernetes server or a 401 Unauthorized error. +If you do not get either of these results than please ensure you have the correct URL. The API server port is typically +6443 for Kubernetes.

    Next validate that the CA certificate is proper by running the below command. If your API server is signed by a +well known CA then omit the --cacert "$API_SERVER_CA" part of the command.

    curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"

    If you get a valid JSON response or an 401 Unauthorized then it worked. The Unauthorized error is +only because the curl command is not setting proper credentials, but this validates that the TLS +connection work and the ca.pem is correct for this URL. If you get a SSL certificate problem then +the ca.pem is not correct. The contents of the $API_SERVER_CA file should look similar to the below:

    ca.pem
    -----BEGIN CERTIFICATE-----
    MIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
    ZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda
    MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49
    AgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E
    0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE
    AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs
    ciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN
    KDs/pb3fnMTtpA==
    -----END CERTIFICATE-----

    Install for Multi-Cluster​

    In the following example it will be assumed the API server URL from the KUBECONFIG which is https://example.com:6443 +and the CA certificate is in the file ca.pem. If your API server URL is signed by a well-known CA you can +omit the apiServerCA parameter below or just create an empty ca.pem file (ie touch ca.pem).

    Setup the environment with your specific values, e.g.:

    API_SERVER_URL="https://example.com:6443"
    API_SERVER_CA="ca.pem"

    Once you have validated the API server URL and API server CA parameters, install the following two +Helm charts.

    First add Fleet's Helm repository.
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Second install the Fleet CustomResourcesDefintions.

    helm -n cattle-fleet-system install --create-namespace --wait \
        fleet-crd

    Third install the Fleet controllers.

    helm -n cattle-fleet-system install --create-namespace --wait \
        --set apiServerURL="$API_SERVER_URL" \
        --set-file apiServerCA="$API_SERVER_CA" \
        fleet

    At this point the Fleet manager should be ready. You can now register clusters and git repos with +the Fleet manager.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/multi-user.html b/0.9/multi-user.html new file mode 100644 index 000000000..1442a419c --- /dev/null +++ b/0.9/multi-user.html @@ -0,0 +1,24 @@ + + + + + +Setup Multi User | Fleet + + + + +
    +
    Version: 0.9

    Setup Multi User

    Fleet uses Kubernetes RBAC where possible.

    One addition on top of RBAC is the GitRepoRestriction resource, which can be used to control GitRepo resources in a namespace.

    A multi-user fleet setup looks like this:

    • tenants don't share namespaces, each tenant has one or more namespaces on the +upstream cluster, where they can create GitRepo resources
    • tenants can't deploy cluster wide resources and are limited to a set of +namespaces on downstream clusters
    • clusters are in a separate namespace

    Shared Clusters

    important information

    The isolation of tenants is not complete and relies on Kubernetes RBAC to be +set up correctly. Without manual setup from an operator tenants can still +deploy cluster wide resources. Even with the available Fleet restrictions, +users are only restricted to namespaces, but namespaces don't provide much +isolation on their own. E.g. they can still consume as many resources as they +like.

    However, the existing Fleet restrictions allow users to share clusters, and +deploy resources without conflicts.

    Example User​

    This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace.

    kubectl create serviceaccount fleetuser
    kubectl create namespace project1
    kubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser

    If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:

    kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io
    kubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser
    kubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser

    This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces.

    Allow Access to Clusters​

    This assumes all GitRepos created by 'fleetuser' have the team: one label. Different labels could be used, to select different cluster namespaces.

    In each of the user's namespaces, as an admin create a BundleNamespaceMapping.

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: mapping
      namespace: project1

    # Bundles to match by label.
    # The labels are defined in the fleet.yaml # labels field or from the
    # GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
        team: one
        # or target one repo
        #fleet.cattle.io/repo-name: simpleapp

    # Namespaces, containing clusters, to match by label
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: fleet-default
        # the label is on the namespace
        #workspace: prod

    The target section in the GitRepo resource can be used to deploy only to a subset of the matched clusters.

    Restricting Access to Downstream Clusters​

    Admins can further restrict tenants by creating a GitRepoRestriction in each of their namespaces.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: project1

    allowedTargetNamespaces:
      - project1simpleapp

    This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace.

    An Example GitRepo Resource​

    A GitRepo resource created by a tenant, without admin access could look like this:

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: simpleapp
      namespace: project1
      labels:
        team: one

    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - bundle-diffs

      targetNamespace: project1simpleapp

      # do not match the upstream/local cluster, won't work
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

    This includes the team: one label and and the required targetNamespace.

    Together with the previous BundleNamespaceMapping it would target all clusters with a env: dev label in the 'fleet-default' namespace.

    note

    BundleNamespaceMappings do not work with local clusters, so make sure not to target them.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/namespaces.html b/0.9/namespaces.html new file mode 100644 index 000000000..00f948a86 --- /dev/null +++ b/0.9/namespaces.html @@ -0,0 +1,46 @@ + + + + + +Namespaces | Fleet + + + + +
    +
    Version: 0.9

    Namespaces

    All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces +of the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is +important to understand the security model and how one can use Fleet in a multi-tenant fashion.

    GitRepos, Bundles, Clusters, ClusterGroups​

    The primary types are all scoped to a namespace. All selectors for GitRepo targets will be evaluated against +the Clusters and ClusterGroups in the same namespaces. This means that if you give create or update privileges +to a GitRepo type in a namespace, that end user can modify the selector to match any cluster in that namespace. +This means in practice if you want to have two teams self manage their own GitRepo registrations but they should +not be able to target each others clusters, they should be in different namespaces.

    GitRepo Namespace​

    Git repos are added to the Fleet manager using the GitRepo custom resource type. The GitRepo type is namespaced. By default, Rancher will create two Fleet workspaces: fleet-default and fleet-local.

    • Fleet-default will contain all the downstream clusters that are already registered through Rancher.
    • Fleet-local will contain the local cluster by default.

    If you are using Fleet in a single cluster style, the namespace will always be fleet-local. Check here for more on the fleet-local namespace.

    For a multi-cluster style, please ensure you use the correct repo that will map to the right target clusters.

    Namespace Creation Behavior in Bundles​

    When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist.

    Special Namespaces​

    An overview of the namespaces used by fleet and their resources.

    Namespace

    fleet-local (local workspace, cluster registration namespace)​

    The fleet-local namespace is a special namespace used for the single cluster use case or to bootstrap +the configuration of the Fleet manager.

    When fleet is installed the fleet-local namespace is created along with one Cluster called local and one +ClusterGroup called default. If no targets are specified on a GitRepo, it is by default targeted to the +ClusterGroup named default. This means that all GitRepos created in fleet-local will +automatically target the local Cluster. The local Cluster refers to the cluster the Fleet manager is running +on.

    The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles.

    cattle-fleet-system (system namespace)​

    The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by GitRepos are expected +to live in this namespace in the downstream cluster.

    cattle-fleet-clusters-system (system registration namespace)​

    This namespace holds secrets for the cluster registration process. It should contain no other resources in it, +especially secrets.

    Cluster Namespaces​

    For every cluster that is registered a namespace is created by the Fleet manager for that cluster. +These namespaces are named in the form cluster-${namespace}-${cluster}-${random}. The purpose of this +namespace is that all BundleDeployments for that cluster are put into this namespace and +then the downstream cluster is given access to watch and update BundleDeployments in that namespace only.

    Cross Namespace Deployments​

    It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a +central privileged team can manage common configuration for many clusters that are managed by different teams. The way +this is accomplished is by creating a BundleNamespaceMapping resource in a cluster.

    If you are creating a BundleNamespaceMapping resource it is best to do it in a namespace that only contains GitRepos +and no Clusters. It seems to get confusing if you have Clusters in the same repo as the cross namespace GitRepos will still +always be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them +canary clusters.

    A BundleNamespaceMapping has only two fields. Which are as below

    kind: BundleNamespaceMapping
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: not-important
      namespace: typically-unique

    # Bundles to match by label.  The labels are defined in the fleet.yaml
    # labels field or from the GitRepo metadata.labels field
    bundleSelector:
      matchLabels:
       foo: bar

    # Namespaces to match by label
    namespaceSelector:
      matchLabels:
       foo: bar

    If the BundleNamespaceMappings bundleSelector field matches a Bundles labels then that Bundle target criteria will +be evaluated against all clusters in all namespaces that match namespaceSelector. One can specify labels for the created +bundles from git by putting labels in the fleet.yaml file or on the metadata.labels field on the GitRepo.

    Restricting GitRepos​

    A namespace can contain multiple GitRepoRestriction resources. All GitRepos +created in that namespace will be checked against the list of restrictions. +If a GitRepo violates one of the constraints its BundleDeployment will be +in an error state and won't be deployed.

    This can also be used to set the defaults for GitRepo's serviceAccount and clientSecretName fields.

    kind: GitRepoRestriction
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: restriction
      namespace: typically-unique
    allowedClientSecretNames: []
    allowedRepoPatterns: []
    allowedServiceAccounts: []
    allowedTargetNamespaces: []
    defaultClientSecretName: ""
    defaultServiceAccount: ""

    Allowed Target Namespaces​

    This can be used to limit a deployment to a set of namespaces on a downstream cluster. +If an allowedTargetNamespaces restriction is present, all GitRepos must +specify a targetNamespace and the specified namespace must be in the allow +list. +This also prevents the creation of cluster wide resources.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/quickstart.html b/0.9/quickstart.html new file mode 100644 index 000000000..31714467d --- /dev/null +++ b/0.9/quickstart.html @@ -0,0 +1,18 @@ + + + + + +Quick Start | Fleet + + + + +
    +
    Version: 0.9

    Quick Start

    Who needs documentation, lets just run this thing!

    Install​

    Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is +fairly straightforward. To install the Helm 3 CLI follow the official install instructions.

    Fleet in Rancher

    Rancher has separate helm charts for Fleet and uses a different repository.

    brew install helm
    helm repo add fleet https://rancher.github.io/fleet-helm-charts/

    Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)

    helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \
        fleet/fleet-crd
    helm -n cattle-fleet-system install --create-namespace --wait fleet \
        fleet/fleet

    Add a Git Repo to Watch​

    Change spec.repo to your git repo of choice. Kubernetes manifest files that should +be deployed should be in /manifests in your repo.

    cat > example.yaml << "EOF"
    apiVersion: fleet.cattle.io/v1alpha1
    kind: GitRepo
    metadata:
      name: sample
      # This namespace is special and auto-wired to deploy to the local cluster
      namespace: fleet-local
    spec:
      # Everything from this repo will be run in this cluster. You trust me right?
      repo: "https://github.com/rancher/fleet-examples"
      paths:
      - simple
    EOF

    kubectl apply -f example.yaml

    Get Status​

    Get status of what fleet is doing

    kubectl -n fleet-local get fleet

    You should see something like this get created in your cluster.

    kubectl get deploy frontend
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    frontend   3/3     3            3           116m

    Enjoy and read the docs.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-bundle-stages.html b/0.9/ref-bundle-stages.html new file mode 100644 index 000000000..2f2095d92 --- /dev/null +++ b/0.9/ref-bundle-stages.html @@ -0,0 +1,16 @@ + + + + + +Bundle Lifecycle | Fleet + + + + +
    +
    Version: 0.9

    Bundle Lifecycle

    A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.

    To demonstrate the life cycle of a Fleet bundle, we will use multi-cluster/helm as a case study.

    1. User will create a GitRepo that points to the multi-cluster/helm repository.
    2. The gitjob-controller will sync changes from the GitRepo and detect changes from the polling or webhook event. With every commit change, the gitjob-controller will create a job that clones the git repository, reads content from the repo such as fleet.yaml and other manifests, and creates the Fleet bundle.

    Note: The job pod with the image name rancher/tekton-utils will be under the same namespace as the GitRepo.

    1. The fleet-controller then syncs changes from the bundle. According to the targets, the fleet-controller will create BundleDeployment resources, which are a combination of a bundle and a target cluster.
    2. The fleet-agent will then pull the BundleDeployment from the Fleet controlplane. The agent deploys bundle manifests as a Helm chart from the BundleDeployment into the downstream clusters.
    3. The fleet-agent will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.

    This diagram shows the different rendering stages a bundle goes through until deployment.

    Bundle Stages

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-bundle.html b/0.9/ref-bundle.html new file mode 100644 index 000000000..fd7a1a1d1 --- /dev/null +++ b/0.9/ref-bundle.html @@ -0,0 +1,17 @@ + + + + + +Bundle Resource | Fleet + + + + +
    +
    Version: 0.9

    Bundle Resource

    Bundles are automatically created by Fleet when a GitRepo is created.

    The content of the resource corresponds to the BundleSpec. +For more information on how to use the Bundle resource Create a Bundle Resource.

    kind: Bundle
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-bundle
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # Namespace used for resources that do not specify a namespace.
      # This field is not used to enforce or lock down the deployment to a specific namespace.
      # defaultNamespace: test

      # If present will assign all resource to this
      # namespace and if any cluster scoped resource exists the deployment will fail.
      # targetNamespace: app

      # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.
      # kustomize: ...

      # Helm options for the deployment, like the chart name, repo and values.
      # helm: ...

      # ServiceAccount which will be used to perform this deployment.
      # serviceAccount: sa

      # ForceSyncGeneration is used to force a redeployment.
      # forceSyncGeneration: 0

      # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.
      # yaml: ...

      # Diff can be used to ignore the modified state of objects which are amended at runtime.
      # A specific commit or tag can also be watched.
      #
      # diff: ...

      # KeepResources can be used to keep the deployed resources when removing the bundle.
      # keepResources: false

      # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.
      # paused: false

      # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.
      # rolloutStrategy: ...

      # Contain the actual resources from the git repo which will be deployed.
      resources:
      - content: |
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: nginx-deployment
            labels:
              app: nginx
          spec:
            replicas: 3
            selector:
              matchLabels:
                app: nginx
            template:
              metadata:
                labels:
                  app: nginx
              spec:
                containers:
                  - name: nginx
                    image: nginx:1.14.2
                    ports:
                      - containerPort: 80
        name: nginx.yaml

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      #
      # targets: ...

      # This field is used by Fleet internally, and it should not be modified manually.
      # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.
      # targetRestrictions: ...

      # Refers to the bundles which must be ready before this bundle can be deployed.
      # dependsOn: ...

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-configuration.html b/0.9/ref-configuration.html new file mode 100644 index 000000000..edf2c005b --- /dev/null +++ b/0.9/ref-configuration.html @@ -0,0 +1,19 @@ + + + + + +Configuration | Fleet + + + + +
    +
    Version: 0.9

    Configuration

    A reference list of, mostly internal, configuration options.

    Helm Charts​

    The Helm charts accept, at least, the options as shown with their default in values.yaml:

    Environment Variables​

    The controllers can be started with these environment variables:

    • CATTLE_DEV_MODE - used to debug wrangler, not usable
    • FLEET_CLUSTER_ENQUEUE_DELAY - tune how often non-ready clusters are checked
    • FLEET_CPU_PPROF_PERIOD - used to turn on performance profiling

    Configuration​

    In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments.

    The config struct is used in both config maps:

    • cattle-fleet-system/fleet-agent
    • cattle-fleet-system/fleet-controller

    Labels​

    Labels used by fleet:

    • fleet.cattle.io/agent=true - NodeSelector label for agent's deployment affinity setting
    • fleet.cattle.io/non-managed-agent - managed agent bundle won't target Clusters with this label
    • fleet.cattle.io/repo-name - used on Bundle to reference the git repo resource
    • fleet.cattle.io/bundle-namespace - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/bundle-name - used on BundleDeployment to reference the Bundle resource
    • fleet.cattle.io/managed=true - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces.
    • fleet.cattle.io/bootstrap-token - unused

    Annotations​

    Annotations used by fleet:

    • fleet.cattle.io/agent-namespace
    • fleet.cattle.io/bundle-id
    • fleet.cattle.io/cluster, fleet.cattle.io/cluster-namespace - used on a cluster namespace to reference the cluster registration namespace and cluster name
    • fleet.cattle.io/cluster-group
    • fleet.cattle.io/cluster-registration-namespace
    • fleet.cattle.io/cluster-registration
    • fleet.cattle.io/commit
    • fleet.cattle.io/managed - appears unused
    • fleet.cattle.io/service-account

    Fleet agent configuration​

    Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a +Cluster, see Registering Downstream Cluster for more info on how to create +Clusters. Default configuration will be used if these fields are not provided.

    If you change the resources limits, make sure the limits allow the fleet-agent to work normally.

    Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults. +Agents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-crds.html b/0.9/ref-crds.html new file mode 100644 index 000000000..ff14bc942 --- /dev/null +++ b/0.9/ref-crds.html @@ -0,0 +1,16 @@ + + + + + +Custom Resources Spec | Fleet + + + + +
    +
    Version: 0.9

    Custom Resources Spec

    Sub Resources

    Bundle​

    Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\n\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleSpectrue
    statusBundleStatustrue

    Back to Custom Resources

    BundleDisplay​

    BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle.

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    stateState is a summary state for the bundle, calculated over the non-ready resources.stringfalse

    Back to Custom Resources

    BundleRef​

    FieldDescriptionSchemeRequired
    nameName of the bundle.stringfalse
    selectorSelector matching bundle's labels.*metav1.LabelSelectorfalse

    Back to Custom Resources

    BundleResource​

    BundleResource represents the content of a single resource from the bundle, like a YAML manifest.

    FieldDescriptionSchemeRequired
    nameName of the resource, can include the bundle's internal path.stringfalse
    contentThe content of the resource, can be compressed.stringfalse
    encodingEncoding is either empty or \"base64+gz\".stringfalse

    Back to Custom Resources

    BundleSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.boolfalse
    rolloutStrategyRolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.*RolloutStrategyfalse
    resourcesResources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts.[]BundleResourcefalse
    targetsTargets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used.[]BundleTargetfalse
    targetRestrictionsTargetRestrictions is an allow list, which controls if a bundledeployment is created for a target.[]BundleTargetRestrictionfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse

    Back to Custom Resources

    BundleStatus​

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of Wrangler conditions that describe the state of the bundle.[]genericcondition.GenericConditionfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    newlyCreatedNewlyCreated is the number of bundle deployments that have been created, not updated.intfalse
    unavailableUnavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec.inttrue
    unavailablePartitionsUnavailablePartitions is the number of unavailable partitions.inttrue
    maxUnavailableMaxUnavailable is the maximum number of unavailable deployments. See rollout configuration.inttrue
    maxUnavailablePartitionsMaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions.inttrue
    maxNewMaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time.intfalse
    partitionsPartitionStatus lists the status of each partition.[]PartitionStatusfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.BundleDisplayfalse
    resourceKeyResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc..[]ResourceKeyfalse
    observedGenerationObservedGeneration is the current generation of the bundle.int64true

    Back to Custom Resources

    BundleSummary​

    BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status.

    FieldDescriptionSchemeRequired
    notReadyNotReady is the number of bundle deployments that have been deployed where some resources are not ready.intfalse
    waitAppliedWaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed.intfalse
    errAppliedErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle.intfalse
    outOfSyncOutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent.intfalse
    modifiedModified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced.intfalse
    readyReady is the number of bundle deployments that have been deployed where all resources are ready.inttrue
    pendingPending is the number of bundle deployments that are being processed by Fleet controller.intfalse
    desiredReadyDesiredReady is the number of bundle deployments that should be ready.inttrue
    nonReadyResourcesNonReadyClusters is a list of states, which is filled for a bundle that is not ready.[]NonReadyResourcefalse

    Back to Custom Resources

    BundleTarget​

    BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct.

    FieldDescriptionSchemeRequired
    nameName of target. This value is largely for display and logging. If not specified a default name of the format \"target000\" will be usedstringfalse
    clusterNameClusterName to match a specific cluster by name that will be selectedstringfalse
    clusterSelectorClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup to match a specific cluster group by name.stringfalse
    clusterGroupSelectorClusterGroupSelector is a selector to match cluster groups.*metav1.LabelSelectorfalse
    doNotDeployDoNotDeploy if set to true, will not deploy to this target.boolfalse

    Back to Custom Resources

    BundleTargetRestriction​

    BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml.

    FieldDescriptionSchemeRequired
    namestringfalse
    clusterNamestringfalse
    clusterSelector*metav1.LabelSelectorfalse
    clusterGroupstringfalse
    clusterGroupSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    NonReadyResource​

    NonReadyResource contains information about a bundle that is not ready for a given state like \"ErrApplied\". It contains a list of non-ready or modified resources and their states.

    FieldDescriptionSchemeRequired
    nameName is the name of the resource.stringfalse
    bundleStateState is the state of the resource, like e.g. \"NotReady\" or \"ErrApplied\".BundleStatefalse
    messageMessage contains information why the bundle is not ready.stringfalse
    modifiedStatusModifiedStatus lists the state for each modified resource.[]ModifiedStatusfalse
    nonReadyStatusNonReadyStatus lists the state for each non-ready resource.[]NonReadyStatusfalse

    Back to Custom Resources

    Partition​

    Partition defines a separate rollout strategy for a set of clusters.

    FieldDescriptionSchemeRequired
    nameA user-friendly name given to the partition used for Display (optional).stringfalse
    maxUnavailableA number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%*intstr.IntOrStringfalse
    clusterNameClusterName is the name of a cluster to include in this partitionstringfalse
    clusterSelectorSelector matching cluster labels to include in this partition*metav1.LabelSelectorfalse
    clusterGroupA cluster group name to include in this partitionstringfalse
    clusterGroupSelectorSelector matching cluster group labels to include in this partition*metav1.LabelSelectorfalse

    Back to Custom Resources

    PartitionStatus​

    PartitionStatus is the status of a single rollout partition.

    FieldDescriptionSchemeRequired
    nameName is the name of the partition.stringfalse
    countCount is the number of clusters in the partition.intfalse
    maxUnavailableMaxUnavailable is the maximum number of unavailable clusters in the partition.intfalse
    unavailableUnavailable is the number of unavailable clusters in the partition.intfalse
    summarySummary is a summary state for the partition, calculated over its non-ready resources.BundleSummaryfalse

    Back to Custom Resources

    ResourceKey​

    ResourceKey lists resources, which will likely be deployed.

    FieldDescriptionSchemeRequired
    kindKind is the k8s api kind of the resource.stringfalse
    apiVersionAPIVersion is the k8s api version of the resource.stringfalse
    namespaceNamespace is the namespace of the resource.stringfalse
    nameName is the name of the resource.stringfalse

    Back to Custom Resources

    RolloutStrategy​

    RolloverStrategy controls the rollout of the bundle across clusters.

    FieldDescriptionSchemeRequired
    maxUnavailableA number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%*intstr.IntOrStringfalse
    maxUnavailablePartitionsA number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0*intstr.IntOrStringfalse
    autoPartitionSizeA number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%*intstr.IntOrStringfalse
    partitionsA list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize.[]Partitionfalse

    Back to Custom Resources

    BundleDeployment​

    BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specBundleDeploymentSpecfalse
    statusBundleDeploymentStatusfalse

    Back to Custom Resources

    BundleDeploymentDisplay​

    FieldDescriptionSchemeRequired
    deployedstringfalse
    monitoredstringfalse
    statestringfalse

    Back to Custom Resources

    BundleDeploymentOptions​

    FieldDescriptionSchemeRequired
    defaultNamespaceDefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace.stringfalse
    namespaceTargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail.stringfalse
    kustomizeKustomize options for the deployment, like the dir containing the kustomization.yaml file.*KustomizeOptionsfalse
    helmHelm options for the deployment, like the chart name, repo and values.*HelmOptionsfalse
    serviceAccountServiceAccount which will be used to perform this deployment.stringfalse
    forceSyncGenerationForceSyncGeneration is used to force a redeploymentint64false
    yamlYAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.*YAMLOptionsfalse
    diffDiff can be used to ignore the modified state of objects which are amended at runtime.*DiffOptionsfalse
    keepResourcesKeepResources can be used to keep the deployed resources when removing the bundleboolfalse
    ignoreIgnoreOptions can be used to ignore fields when monitoring the bundle.IgnoreOptionsfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse
    namespaceLabelsNamespaceLabels are labels that will be appended to the namespace created by Fleet.*map[string]stringfalse
    namespaceAnnotationsNamespaceAnnotations are annotations that will be appended to the namespace created by Fleet.*map[string]stringfalse

    Back to Custom Resources

    BundleDeploymentResource​

    BundleDeploymentResource contains the metadata of a deployed resource.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    createdAtmetav1.Timefalse

    Back to Custom Resources

    BundleDeploymentSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected.boolfalse
    stagedOptionsStagedOptions are the deployment options, that are staged for the next deployment.BundleDeploymentOptionsfalse
    stagedDeploymentIDStagedDeploymentID is the ID of the staged deployment.stringfalse
    optionsOptions are the deployment options, that are currently applied.BundleDeploymentOptionsfalse
    deploymentIDDeploymentID is the ID of the currently applied deployment.stringfalse
    dependsOnDependsOn refers to the bundles which must be ready before this bundle can be deployed.[]BundleReffalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    BundleDeploymentStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    appliedDeploymentIDstringfalse
    releasestringfalse
    readyboolfalse
    nonModifiedboolfalse
    nonReadyStatus[]NonReadyStatusfalse
    modifiedStatus[]ModifiedStatusfalse
    displayBundleDeploymentDisplayfalse
    syncGeneration*int64false
    resourcesResources lists the metadata of resources that were deployed according to the helm release history.[]BundleDeploymentResourcefalse

    Back to Custom Resources

    ComparePatch​

    ComparePatch matches a resource and removes fields from the check for modifications.

    FieldDescriptionSchemeRequired
    kindKind is the kind of the resource to match.stringfalse
    apiVersionAPIVersion is the apiVersion of the resource to match.stringfalse
    namespaceNamespace is the namespace of the resource to match.stringfalse
    nameName is the name of the resource to match.stringfalse
    operationsOperations remove a JSON path from the resource.[]Operationfalse
    jsonPointersJSONPointers ignore diffs at a certain JSON path.[]stringfalse

    Back to Custom Resources

    ConfigMapKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    DiffOptions​

    FieldDescriptionSchemeRequired
    comparePatchesComparePatches match a resource and remove fields from the check for modifications.[]ComparePatchfalse

    Back to Custom Resources

    HelmOptions​

    HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types.

    FieldDescriptionSchemeRequired
    chartChart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded.stringfalse
    repoRepo is the name of the HTTPS helm repo to download the chart from.stringfalse
    releaseNameReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path.stringfalse
    versionVersion of the chart to downloadstringfalse
    timeoutSecondsTimeoutSeconds is the time to wait for Helm operations.intfalse
    valuesValues passed to Helm. It is possible to specify the keys and values as go template strings.*GenericMapfalse
    valuesFromValuesFrom loads the values from configmaps and secrets.[]ValuesFromfalse
    forceForce allows to override immutable resources. This could be dangerous.boolfalse
    takeOwnershipTakeOwnership makes helm skip the check for its own annotationsboolfalse
    maxHistoryMaxHistory limits the maximum number of revisions saved per release by Helm.intfalse
    valuesFilesValuesFiles is a list of files to load values from.[]stringfalse
    waitForJobsWaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSecondsboolfalse
    atomicAtomic sets the --atomic flag when Helm is performing an upgradeboolfalse
    disablePreProcessDisablePreProcess disables template processing in valuesboolfalse
    disableDNSDisableDNS can be used to customize Helm's EnableDNS option, which Fleet sets to true by default.boolfalse
    skipSchemaValidationSkipSchemaValidation allows skipping schema validation against the chart valuesboolfalse

    Back to Custom Resources

    IgnoreOptions​

    IgnoreOptions defines conditions to be ignored when monitoring the Bundle.

    FieldDescriptionSchemeRequired
    conditionsConditions is a list of conditions to be ignored when monitoring the Bundle.[]map[string]stringfalse

    Back to Custom Resources

    KustomizeOptions​

    KustomizeOptions for a deployment.

    FieldDescriptionSchemeRequired
    dirDir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file.stringfalse

    Back to Custom Resources

    LocalObjectReference​

    FieldDescriptionSchemeRequired
    nameName of a resource in the same namespace as the referent.stringtrue

    Back to Custom Resources

    ModifiedStatus​

    ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch.

    FieldDescriptionSchemeRequired
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    missingboolfalse
    deleteboolfalse
    patchstringfalse

    Back to Custom Resources

    NonReadyStatus​

    NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary.

    FieldDescriptionSchemeRequired
    uidtypes.UIDfalse
    kindstringfalse
    apiVersionstringfalse
    namespacestringfalse
    namestringfalse
    summarysummary.Summaryfalse

    Back to Custom Resources

    Operation​

    Operation of a ComparePatch, usually \"remove\".

    FieldDescriptionSchemeRequired
    opOp is usually \"remove\"stringfalse
    pathPath is the JSON path to remove.stringfalse
    valueValue is usually empty.stringfalse

    Back to Custom Resources

    SecretKeySelector​

    FieldDescriptionSchemeRequired
    namespacestringfalse
    keystringfalse

    Back to Custom Resources

    ValuesFrom​

    Define helm values that can come from configmap, secret or external. Credit: https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439

    FieldDescriptionSchemeRequired
    configMapKeyRefThe reference to a config map with release values.*ConfigMapKeySelectorfalse
    secretKeyRefThe reference to a secret with release values.*SecretKeySelectorfalse

    Back to Custom Resources

    YAMLOptions​

    YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource.

    FieldDescriptionSchemeRequired
    overlaysOverlays is a list of names that maps to folders in \"overlays/\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.[]stringfalse

    Back to Custom Resources

    BundleNamespaceMapping​

    BundleNamespaceMapping maps bundles to clusters in other namespaces.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    bundleSelector*metav1.LabelSelectorfalse
    namespaceSelector*metav1.LabelSelectorfalse

    Back to Custom Resources

    AgentStatus​

    FieldDescriptionSchemeRequired
    lastSeenLastSeen is the last time the agent checked in to update the status of the cluster resource.metav1.Timetrue
    namespaceNamespace is the namespace of the agent deployment, e.g. \"cattle-fleet-system\".stringtrue
    nonReadyNodesNonReadyNodes is the number of nodes that are not ready.inttrue
    readyNodesReadyNodes is the number of nodes that are ready.inttrue
    nonReadyNodeNamesNonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names.[]stringtrue
    readyNodeNamesReadyNodes contains the names of ready nodes. The list is limited to at most 3 names.[]stringtrue

    Back to Custom Resources

    Cluster​

    Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterSpecfalse
    statusClusterStatusfalse

    Back to Custom Resources

    ClusterDisplay​

    FieldDescriptionSchemeRequired
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    readyNodesReadyNodes is a string in the form \"%d/%d\", that describes the number of nodes that are ready vs. the number of expected nodes.stringfalse
    sampleNodeSampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready.stringfalse
    stateState of the cluster, either one of the bundle states, or \"WaitCheckIn\".stringfalse

    Back to Custom Resources

    ClusterSpec​

    FieldDescriptionSchemeRequired
    pausedPaused if set to true, will stop any BundleDeployments from being updated.boolfalse
    clientIDClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster.stringfalse
    kubeConfigSecretKubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster. It can optionally contain a APIServerURL and CA to override the values in the fleet-controller's configmap.stringfalse
    kubeConfigSecretNamespaceKubeConfigSecretNamespace is the namespace of the secret containing the kubeconfig for the downstream cluster. If unset, it will be assumed the secret can be found in the namespace that the Cluster object resides within.stringfalse
    redeployAgentGenerationRedeployAgentGeneration can be used to force redeploying the agent.int64false
    agentEnvVarsAgentEnvVars are extra environment variables to be added to the agent deployment.[]corev1.EnvVarfalse
    agentNamespaceAgentNamespace defaults to the system namespace, e.g. cattle-fleet-system.stringfalse
    privateRepoURLPrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config.stringfalse
    templateValuesTemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating.*GenericMapfalse
    agentTolerationsAgentTolerations defines an extra set of Tolerations to be added to the Agent deployment.[]corev1.Tolerationfalse
    agentAffinityAgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used.*corev1.Affinityfalse
    agentResourcesAgentResources sets the resources for the cluster's agent deployment.*corev1.ResourceRequirementsfalse

    Back to Custom Resources

    ClusterStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    namespaceNamespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\"stringfalse
    summarySummary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource.BundleSummaryfalse
    resourceCountsResourceCounts is an aggregate over the GitRepoResourceCounts.GitRepoResourceCountsfalse
    readyGitReposReadyGitRepos is the number of gitrepos for this cluster that are ready.inttrue
    desiredReadyGitReposDesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready.inttrue
    agentEnvVarsHashAgentEnvVarsHash is a hash of the agent's env vars, used to detect changes.stringfalse
    agentPrivateRepoURLAgentPrivateRepoURL is the private repo URL for the agent that is currently used.stringfalse
    agentDeployedGenerationAgentDeployedGeneration is the generation of the agent that is currently deployed.*int64false
    agentMigratedAgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status.boolfalse
    agentNamespaceMigratedAgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status.boolfalse
    cattleNamespaceMigratedCattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status.boolfalse
    agentAffinityHashAgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes.stringfalse
    agentResourcesHashAgentResourcesHash is a hash of the agent's resources configuration, used to detect changes.stringfalse
    agentTolerationsHashAgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes.stringfalse
    agentConfigChangedAgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster.boolfalse
    apiServerURLAPIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream.stringfalse
    apiServerCAHashAPIServerCAHash is a hash of the upstream API server CA, used to detect changes.stringfalse
    displayDisplay contains the number of ready bundles, nodes and a summary state.ClusterDisplayfalse
    agentAgentStatus contains information about the agent.AgentStatusfalse

    Back to Custom Resources

    ClusterGroup​

    ClusterGroup is a re-usable selector to target a group of clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterGroupSpectrue
    statusClusterGroupStatustrue

    Back to Custom Resources

    ClusterGroupDisplay​

    FieldDescriptionSchemeRequired
    readyClustersReadyClusters is a string in the form \"%d/%d\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.stringfalse
    readyBundlesReadyBundles is a string in the form \"%d/%d\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.stringfalse
    stateState is a summary state for the cluster group, showing \"NotReady\" if there are non-ready resources.stringfalse

    Back to Custom Resources

    ClusterGroupSpec​

    FieldDescriptionSchemeRequired
    selectorSelector is a label selector, used to select clusters for this group.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ClusterGroupStatus​

    FieldDescriptionSchemeRequired
    clusterCountClusterCount is the number of clusters in the cluster group.inttrue
    nonReadyClusterCountNonReadyClusterCount is the number of clusters that are not ready.inttrue
    nonReadyClustersNonReadyClusters is a list of cluster names that are not ready.[]stringfalse
    conditionsConditions is a list of conditions and their statuses for the cluster group.[]genericcondition.GenericConditionfalse
    summarySummary is a summary of the bundle deployments and their resources in the cluster group.BundleSummaryfalse
    displayDisplay contains the number of ready, desiredready clusters and a summary state for the bundle's resources.ClusterGroupDisplayfalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles in the cluster group.GitRepoResourceCountsfalse

    Back to Custom Resources

    ClusterRegistration​

    ClusterRegistration is used internally by Fleet and should not be used directly.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationSpecfalse
    statusClusterRegistrationStatusfalse

    Back to Custom Resources

    ClusterRegistrationSpec​

    FieldDescriptionSchemeRequired
    clientIDClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID.stringfalse
    clientRandomClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name.stringfalse
    clusterLabelsClusterLabels are copied to the cluster resource during the registration.map[string]stringfalse

    Back to Custom Resources

    ClusterRegistrationStatus​

    FieldDescriptionSchemeRequired
    clusterNameClusterName is only set after the registration is being processed by fleet-controller.stringfalse
    grantedGranted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings.boolfalse

    Back to Custom Resources

    ClusterRegistrationToken​

    ClusterRegistrationToken is used by agents to register a new cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specClusterRegistrationTokenSpecfalse
    statusClusterRegistrationTokenStatusfalse

    Back to Custom Resources

    ClusterRegistrationTokenSpec​

    FieldDescriptionSchemeRequired
    ttlTTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted.*metav1.Durationfalse

    Back to Custom Resources

    ClusterRegistrationTokenStatus​

    FieldDescriptionSchemeRequired
    expiresExpires is the time when the token expires.*metav1.Timefalse
    secretNameSecretName is the name of the secret containing the token.stringfalse

    Back to Custom Resources

    Content​

    Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    contentContent is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them.[]bytefalse

    Back to Custom Resources

    CommitSpec​

    CommitSpec specifies how to commit changes to the git repository

    FieldDescriptionSchemeRequired
    authorNameAuthorName gives the name to provide when making a commitstringtrue
    authorEmailAuthorEmail gives the email to provide when making a commitstringtrue
    messageTemplateMessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.stringfalse

    Back to Custom Resources

    CorrectDrift​

    FieldDescriptionSchemeRequired
    enabledEnabled correct drift if true.boolfalse
    forceForce helm rollback with --force option will be used if true. This will try to recreate all resources in the release.boolfalse
    keepFailHistoryKeepFailHistory keeps track of failed rollbacks in the helm history.boolfalse

    Back to Custom Resources

    GitRepo​

    GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specGitRepoSpecfalse
    statusGitRepoStatusfalse

    Back to Custom Resources

    GitRepoDisplay​

    FieldDescriptionSchemeRequired
    readyBundleDeploymentsReadyBundleDeployments is a string in the form \"%d/%d\", that describes the number of ready bundledeployments over the total number of bundledeployments.stringfalse
    stateState is the state of the GitRepo, e.g. \"GitUpdating\" or the maximal BundleState according to StateRank.stringfalse
    messageMessage contains the relevant message from the deployment conditions.stringfalse
    errorError is true if a message is present.boolfalse

    Back to Custom Resources

    GitRepoResource​

    GitRepoResource contains metadata about the resources of a bundle.

    FieldDescriptionSchemeRequired
    apiVersionAPIVersion is the API version of the resource.stringfalse
    kindKind is the k8s kind of the resource.stringfalse
    typeType is the type of the resource, e.g. \"apiextensions.k8s.io.customresourcedefinition\" or \"configmap\".stringfalse
    idID is the name of the resource, e.g. \"namespace1/my-config\" or \"backingimagemanagers.storage.io\".stringfalse
    namespaceNamespace of the resource.stringfalse
    nameName of the resource.stringfalse
    incompleteStateIncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states.boolfalse
    stateState is the state of the resource, e.g. \"Unknown\", \"WaitApplied\", \"ErrApplied\" or \"Ready\".stringfalse
    errorError is true if any Error in the PerClusterState is true.boolfalse
    transitioningTransitioning is true if any Transitioning in the PerClusterState is true.boolfalse
    messageMessage is the first message from the PerClusterStates.stringfalse
    perClusterStatePerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources.[]ResourcePerClusterStatefalse

    Back to Custom Resources

    GitRepoResourceCounts​

    GitRepoResourceCounts contains the number of resources in each state.

    FieldDescriptionSchemeRequired
    readyReady is the number of ready resources.inttrue
    desiredReadyDesiredReady is the number of resources that should be ready.inttrue
    waitAppliedWaitApplied is the number of resources that are waiting to be applied.inttrue
    modifiedModified is the number of resources that have been modified.inttrue
    orphanedOrphaned is the number of orphaned resources.inttrue
    missingMissing is the number of missing resources.inttrue
    unknownUnknown is the number of resources in an unknown state.inttrue
    notReadyNotReady is the number of not ready resources. Resources are not ready if they do not match any other state.inttrue

    Back to Custom Resources

    GitRepoSpec​

    FieldDescriptionSchemeRequired
    repoRepo is a URL to a git repo to clone and index.stringfalse
    branchBranch The git branch to follow.stringfalse
    revisionRevision A specific commit or tag to operate on.stringfalse
    targetNamespaceEnsure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand.stringfalse
    clientSecretNameClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \"kubernetes.io/basic-auth\" or \"kubernetes.io/ssh-auth\".stringfalse
    helmSecretNameHelmSecretName contains the auth secret for a private Helm repository.stringfalse
    helmSecretNameForPathsHelmSecretNameForPaths contains the auth secret for private Helm repository for each path.stringfalse
    helmRepoURLRegexHelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided.stringfalse
    caBundleCABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate.[]bytefalse
    insecureSkipTLSVerifyInsecureSkipTLSverify will use insecure HTTPS to clone the repo.boolfalse
    pathsPaths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example [\"charts/*\"] will match all folders as a subdirectory of charts/ If empty, \"/\" is the default.[]stringfalse
    pausedPaused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync.boolfalse
    serviceAccountServiceAccount used in the downstream cluster for deployment.stringfalse
    targetsTargets is a list of targets this repo will deploy to.[]GitTargetfalse
    pollingIntervalPollingInterval is how often to check git for new updates.*metav1.Durationfalse
    forceSyncGenerationIncrement this number to force a redeployment of contents from Git.int64false
    imageScanIntervalImageScanInterval is the interval of syncing scanned images and writing back to git repo.*metav1.Durationfalse
    imageScanCommitCommit specifies how to commit to the git repo when a new image is scanned and written back to git repo.CommitSpecfalse
    keepResourcesKeepResources specifies if the resources created must be kept after deleting the GitRepo.boolfalse
    correctDriftCorrectDrift specifies how drift correction should work.CorrectDriftfalse

    Back to Custom Resources

    GitRepoStatus​

    FieldDescriptionSchemeRequired
    observedGenerationObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status.int64true
    commitCommit is the Git commit hash from the last gitjob run.stringfalse
    readyClustersReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo.inttrue
    desiredReadyClustersDesiredReadyClusters\tis the number of clusters that should be ready for bundles of this GitRepo.inttrue
    gitJobStatusGitJobStatus is the status of the last GitJob run, e.g. \"Current\" if there was no error.stringfalse
    summarySummary contains the number of bundle deployments in each state and a list of non-ready resources.BundleSummaryfalse
    displayDisplay contains a human readable summary of the status.GitRepoDisplayfalse
    conditionsConditions is a list of Wrangler conditions that describe the state of the GitRepo.[]genericcondition.GenericConditionfalse
    resourcesResources contains metadata about the resources of each bundle.[]GitRepoResourcefalse
    resourceCountsResourceCounts contains the number of resources in each state over all bundles.GitRepoResourceCountsfalse
    resourceErrorsResourceErrors is a sorted list of errors from the resources.[]stringfalse
    lastSyncedImageScanTimeLastSyncedImageScanTime is the time of the last image scan.metav1.Timefalse

    Back to Custom Resources

    GitTarget​

    GitTarget is a cluster or cluster group to deploy to.

    FieldDescriptionSchemeRequired
    nameName is the name of this target.stringfalse
    clusterNameClusterName is the name of a cluster.stringfalse
    clusterSelectorClusterSelector is a label selector to select clusters.*metav1.LabelSelectorfalse
    clusterGroupClusterGroup is the name of a cluster group in the same namespace as the clusters.stringfalse
    clusterGroupSelectorClusterGroupSelector is a label selector to select cluster groups.*metav1.LabelSelectorfalse

    Back to Custom Resources

    ResourcePerClusterState​

    ResourcePerClusterState is generated for each non-ready resource of the bundles.

    FieldDescriptionSchemeRequired
    stateState is the state of the resource.stringfalse
    errorError is true if the resource is in an error state, copied from the bundle's summary for non-ready resources.boolfalse
    transitioningTransitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources.boolfalse
    messageMessage combines the messages from the bundle's summary. Messages are joined with the delimiter ';'.stringfalse
    patchPatch for modified resources.*GenericMapfalse
    clusterIdClusterID is the id of the cluster.stringfalse

    Back to Custom Resources

    GitRepoRestriction​

    GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace.

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    defaultServiceAccountDefaultServiceAccount overrides the GitRepo's default service account.stringfalse
    allowedServiceAccountsAllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use.[]stringfalse
    allowedRepoPatternsAllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo.[]stringfalse
    defaultClientSecretNameDefaultClientSecretName overrides the GitRepo's default client secret.stringfalse
    allowedClientSecretNamesAllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use.[]stringfalse
    allowedTargetNamespacesAllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set.[]stringfalse

    Back to Custom Resources

    AlphabeticalPolicy​

    AlphabeticalPolicy specifies a alphabetical ordering policy.

    FieldDescriptionSchemeRequired
    orderOrder specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.stringfalse

    Back to Custom Resources

    ImagePolicyChoice​

    ImagePolicyChoice is a union of all the types of policy that can be supplied.

    FieldDescriptionSchemeRequired
    semverSemVer gives a semantic version range to check against the tags available.*SemVerPolicyfalse
    alphabeticalAlphabetical set of rules to use for alphabetical ordering of the tags.*AlphabeticalPolicyfalse

    Back to Custom Resources

    ImageScan​

    FieldDescriptionSchemeRequired
    metadatametav1.ObjectMetafalse
    specImageScanSpecfalse
    statusImageScanStatusfalse

    Back to Custom Resources

    ImageScanSpec​

    API is taken from https://github.com/fluxcd/image-reflector-controller

    FieldDescriptionSchemeRequired
    tagNameTagName is the tag ref that needs to be put in manifest to replace fieldsstringfalse
    gitrepoNameGitRepo reference namestringfalse
    imageImage is the name of the image repositorystringfalse
    intervalInterval is the length of time to wait between scans of the image repository.metav1.Durationfalse
    secretRefSecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with kubectl create secret docker-registry, or the equivalent.*corev1.LocalObjectReferencefalse
    suspendThis flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.boolfalse
    policyPolicy gives the particulars of the policy to be followed in selecting the most recent imageImagePolicyChoicetrue

    Back to Custom Resources

    ImageScanStatus​

    FieldDescriptionSchemeRequired
    conditions[]genericcondition.GenericConditionfalse
    lastScanTimeLastScanTime is the last time image was scannedmetav1.Timefalse
    latestImageLatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.stringfalse
    latestTagLatest tag is the latest tag filtered by the policystringfalse
    latestDigestLatestDigest is the digest of latest tagstringfalse
    observedGenerationint64false
    canonicalImageNameCanonicalName is the name of the image repository with all the implied bits made explicit; e.g., docker.io/library/alpine rather than alpine.stringfalse

    Back to Custom Resources

    SemVerPolicy​

    SemVerPolicy specifies a semantic version policy.

    FieldDescriptionSchemeRequired
    rangeRange gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.stringtrue

    Back to Custom Resources

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-fleet-yaml.html b/0.9/ref-fleet-yaml.html new file mode 100644 index 000000000..ce3f7accb --- /dev/null +++ b/0.9/ref-fleet-yaml.html @@ -0,0 +1,16 @@ + + + + + +fleet.yaml | Fleet + + + + +
    +
    Version: 0.9

    fleet.yaml

    The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.

    For more information on how to use the fleet.yaml to customize bundles see Git Repository Contents.

    The content of the fleet.yaml corresponds to the struct at pkg/bundlereader/read.go, which contains the BundleSpec.

    Reference​

    fleet.yaml
    # The default namespace to be applied to resources. This field is not used to
    # enforce or lock down the deployment to a specific namespace, but instead
    # provide the default value of the namespace field if one is not specified
    # in the manifests.
    # Default: default
    defaultNamespace: default

    # All resources will be assigned to this namespace and if any cluster scoped
    # resource exists the deployment will fail.
    # Default: ""
    namespace: default

    # namespaceLabels are labels that will be appended to the namespace created by Fleet.
    namespaceLabels:
      key: value
    # namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.
    namespaceAnnotations:
      key: value

    # Optional map of labels, that are set at the bundle and can be used in a
    # dependsOn.selector
    labels:
      key: value

    kustomize:
      # Use a custom folder for kustomize resources. This folder must contain
      # a kustomization.yaml file.
      dir: ./kustomize

    helm:
      ### These options control how "fleet apply" downloads the chart
      #
      # Use a custom location for the Helm chart. This can refer to any go-getter URL or
      # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".
      # This allows one to download charts from most any location.  Also know that
      # go-getter URL supports adding a digest to validate the download. If repo
      # is set below this field is the name of the chart to lookup
      chart: ./chart
      # A https URL to a Helm repo to download the chart from. It's typically easier
      # to just use `chart` field and refer to a tgz file.  If repo is used the
      # value of `chart` will be used as the chart name to lookup in the Helm repository.
      repo: https://charts.rancher.io
      # The version of the chart or semver constraint of the chart to find. If a constraint
      # is specified it is evaluated each time git changes.
      # The version also determines which chart to download from OCI registries.
      version: 0.1.0

      ### These options only work for helm-type bundles
      #
      # Any values that should be placed in the `values.yaml` and passed to helm during
      # install.
      values:
        any-custom: value
      # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME
      # These can now be accessed directly as variables
      # The variable's value will be an empty string if the referenced cluster label does not
      # exist on the targeted cluster
        variableName: global.fleet.clusterLabels.LABELNAME
      # It is possible to specify the keys and values as go template strings for
      # advanced templating needs. Most of the functions from the sprig templating
      # library are available. Note, if the functions output changes with every
      # call, e.g. `uuidv4`, the bundle will get redeployed.
      # The template context has following keys.
      # `.ClusterValues` are retrieved from target cluster's `spec.templateValues`
      # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.
      # `.ClusterName` as the fleet's cluster resource name.
      # `.ClusterNamespace` as the namespace in which the cluster resource exists.
      # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,
      #       unlike helm which uses {{ }}.
        templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"
        valueFromEnv:
          "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }
      # Path to any values files that need to be passed to helm during install
      valuesFiles:
        - values1.yaml
        - values2.yaml
      # Allow to use values files from configmaps or secrets defined in the downstream clusters
      valuesFrom:
      - configMapKeyRef:
          name: configmap-values
          # default to namespace of bundle
          namespace: default
          key: values.yaml
      - secretKeyRef:
          name: secret-values
          namespace: default
          key: values.yaml

      ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.
      #
      # A custom release name to deploy the chart as. If not specified a release name
      # will be generated by combining the invoking GitRepo.name + GitRepo.path.
      releaseName: my-release
      # Makes helm skip the check for its own annotations
      takeOwnership: false
      # Override immutable resources. This could be dangerous.
      force: false
      # Set the Helm --atomic flag when upgrading
      atomic: false
      # Disable go template pre-processing on the fleet values
      disablePreProcess: false
      # Disable DNS resolution in Helm's template functions
      disableDNS: false
      # Skip evaluation of the values.schema.json file
      skipSchemaValidation: false
      # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.
      # It will wait for as long as timeoutSeconds
      waitForJobs: true

    # A paused bundle will not update downstream clusters but instead mark the bundle
    # as OutOfSync. One can then manually confirm that a bundle should be deployed to
    # the downstream clusters.
    # Default: false
    paused: false

    rolloutStrategy:
        # A number or percentage of clusters that can be unavailable during an update
        # of a bundle. This follows the same basic approach as a deployment rollout
        # strategy. Once the number of clusters meets unavailable state update will be
        # paused. Default value is 100% which doesn't take effect on update.
        # default: 100%
        maxUnavailable: 15%
        # A number or percentage of cluster partitions that can be unavailable during
        # an update of a bundle.
        # default: 0
        maxUnavailablePartitions: 20%
        # A number of percentage of how to automatically partition clusters if not
        # specific partitioning strategy is configured.
        # default: 25%
        autoPartitionSize: 10%
        # A list of definitions of partitions.  If any target clusters do not match
        # the configuration they are added to partitions at the end following the
        # autoPartitionSize.
        partitions:
          # A user friend name given to the partition used for Display (optional).
          # default: ""
        - name: canary
          # A number or percentage of clusters that can be unavailable in this
          # partition before this partition is treated as done.
          # default: 10%
          maxUnavailable: 10%
          # Selector matching cluster labels to include in this partition
          clusterSelector:
            matchLabels:
              env: prod
          # A cluster group name to include in this partition
          clusterGroup: agroup
          # Selector matching cluster group labels to include in this partition
          clusterGroupSelector:
            clusterSelector:
              matchLabels:
                env: prod

    # Target customization are used to determine how resources should be modified per target
    # Targets are evaluated in order and the first one to match a cluster is used for that cluster.
    targetCustomizations:
    # The name of target. If not specified a default name of the format "target000"
    # will be used. This value is mostly for display
    - name: prod
      # Custom namespace value overriding the value at the root
      namespace: newvalue
      # Custom defaultNamespace value overriding the value at the root
      defaultNamespace: newdefaultvalue
      # Custom kustomize options overriding the options at the root
      kustomize: {}
      # Custom Helm options override the options at the root
      helm: {}
      # If using raw YAML these are names that map to overlays/{name} that will be used
      # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml
      # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.
      # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.
      # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin
      # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.
      yaml:
        overlays:
        - custom2
        - custom3
      # A selector used to match clusters.  The structure is the standard
      # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,
      # clusterSelector will be used only to further refine the selection after
      # clusterGroupSelector and clusterGroup is evaluated.
      clusterSelector:
        matchLabels:
          env: prod
      # A selector used to match a specific cluster by name. When using Fleet in
      # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.
      clusterName: dev-cluster
      # A selector used to match cluster groups.
      clusterGroupSelector:
        matchLabels:
          region: us-east
      # A specific clusterGroup by name that will be selected
      clusterGroup: group1
      # Resources will not be deployed in the matched clusters if doNotDeploy is true.
      doNotDeploy: false

    # dependsOn allows you to configure dependencies to other bundles. The current bundle
    # will only be deployed, after all dependencies are deployed and in a Ready state.
    dependsOn:
      # Format: <GITREPO-NAME>-<BUNDLE_PATH> with all path separators replaced by "-"
      # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"
      # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:
      # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7
      - name: one-multi-cluster-hello-world
      # Select bundles to depend on based on their label.
      - selector:
          matchLabels:
            app: weak-monkey

    # Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources
    # makes the Bundle to be in an error state when it shouldn't.
    ignore:
      # Conditions to be ignored
      conditions:
      # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}
      - type: Active
        status: "False"

    # Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.
    overrideTargets:
      - clusterSelector:
          matchLabels:
            env: dev

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-gitrepo.html b/0.9/ref-gitrepo.html new file mode 100644 index 000000000..fe4bf9a74 --- /dev/null +++ b/0.9/ref-gitrepo.html @@ -0,0 +1,17 @@ + + + + + +GitRepo Resource | Fleet + + + + +
    +
    Version: 0.9

    GitRepo Resource

    The GitRepo resource describes git repositories, how to access them and where the bundles are located.

    The content of the resource corresponds to the GitRepoSpec. +For more information on how to use GitRepo resource, e.g. how to watch private repositories, see Create a GitRepo Resource.

    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      # Any name can be used here
      name: my-repo
      # For single cluster use fleet-local, otherwise use the namespace of
      # your choosing
      namespace: fleet-local
    spec:
      # This can be a HTTPS or git URL.  If you are using a git URL then
      # clientSecretName will probably need to be set to supply a credential.
      # repo is the only required parameter for a repo to be monitored.
      #
      repo: https://github.com/rancher/fleet-examples

      # Enforce all resources go to this target namespace. If a cluster scoped
      # resource is found the deployment will fail.
      #
      # targetNamespace: app1

      # Any branch can be watched, this field is optional. If not specified the
      # branch is assumed to be master
      #
      # branch: master

      # A specific commit or tag can also be watched.
      #
      # revision: v0.3.0

      # For a private registry you must supply a clientSecretName. A default
      # secret can be set at the namespace level using the GitRepoRestriction
      # type. Secrets must be of the type "kubernetes.io/ssh-auth" or
      # "kubernetes.io/basic-auth". The secret is assumed to be in the
      # same namespace as the GitRepo
      #
      # clientSecretName: my-ssh-key
      #
      # If fleet.yaml contains a private Helm repo that requires authentication,
      # provide the credentials in a K8s secret and specify them here.
      # Danger: the credentials will be sent to all repositories referenced from
      # this gitrepo. See section below for more information.
      #
      # helmSecretName: my-helm-secret
      #
      # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.
      # Credentials will always be used if it is empty or not provided
      #
      # helmRepoURLRegex: https://charts.rancher.io/*
      #
      # To add additional ca-bundle for self-signed certs, caBundle can be
      # filled with base64 encoded pem data. For example:
      # `cat /path/to/ca.pem | base64 -w 0`
      #
      # caBundle: my-ca-bundle
      #
      # Disable SSL verification for git repo
      #
      # insecureSkipTLSVerify: true
      #
      # A git repo can read multiple paths in a repo at once.
      # The below field is expected to be an array of paths and
      # supports path globbing (ex: some/*/path)
      #
      # Example:
      # paths:
      # - single-path
      # - multiple-paths/*
      paths:
      - simple

      # PollingInterval configures how often fleet checks the git repo. The default
      # is 15 seconds.
      # Setting this to zero does not disable polling. It results in a 15s
      # interval, too.
      # As checking a git repo incurs a CPU cost, raising this value can help
      # lowering fleetcontroller's CPU usage if tens of git repos are used or more
      #
      # pollingInterval: 15s

      # Paused  causes changes in Git to not be propagated down to the clusters but
      # instead mark resources as OutOfSync
      #
      # paused: false

      # Increment this number to force a redeployment of contents from Git
      #
      # forceSyncGeneration: 0

      # The service account that will be used to perform this deployment.
      # This is the name of the service account that exists in the
      # downstream cluster in the cattle-fleet-system namespace. It is assumed
      # this service account already exists so it should be create before
      # hand, most likely coming from another git repo registered with
      # the Fleet manager.
      #
      # serviceAccount: moreSecureAccountThanClusterAdmin

      # Target clusters to deploy to if running Fleet in a multi-cluster
      # style. Refer to the "Mapping to Downstream Clusters" docs for
      # more information.
      # If empty, the "default" cluster group is used.
      #
      # targets: ...
      #
      # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses
      # a three-way merge strategy by default. 
      # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating 
      # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.
      # Keep in mind that resources might be recreated if force is enabled.
      # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.
      #
      #  correctDrift:
      #    enabled: false
      #    force: false #Warning: it might recreate resources if set to true
      #    keepFailHistory: false
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-registration.html b/0.9/ref-registration.html new file mode 100644 index 000000000..8cde1b422 --- /dev/null +++ b/0.9/ref-registration.html @@ -0,0 +1,21 @@ + + + + + +Cluster Registration Internals | Fleet + + + + +
    +
    Version: 0.9

    Cluster Registration Internals

    How does cluster registration work?​

    This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it’s not commonly used. +Agent initiated registration is "ClusterRegistrationToken first", which means pre-creating a cluster is optional.

    See "Register Downstream Clusters" to learn how to register clusters.

    Cluster first​

    fleet-controller starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.

    For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret.

    Cluster -> ClusterRegistrationToken + Import Account​

    Now that a cluster resource exists, fleet-controller triggers and runs import.go to create the fleet-agent deployment.
fleet-controller also creates a clusterregistrationtoken and waits for it to be complete. The clusterregistationtoken triggers the creation of the import service account, which can create clusterregistrations and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system"). +The import.go will enqueue itself until the import service account exists, because that’s needed to create the fleet-agent-bootstrap secret. +Now, the fleet-agent and the bootstrap secret are present on the downstream cluster

    Fleet-Agent -> ClusterRegistration​

    Immediately the fleet-agent checks for a fleet-agent-bootstrap secret (which contains the import kubeconfig) and starts registering if present. Then fleet-agent creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret’s name.

    fleet-controller triggers and tries to grant the clusterregistration request to create fleet-agent’s serviceaccount and create the ‘c-*’ registration secret with the clients new kubeconfig. +The registration secret name is hash("clientID-clientRandom"). The new kubeconfig uses the "request" account. The request account can access the cluster status, bundledeployments and contents.

    Notes​

    • The registration starts with the "import" account and pivots to the "request" account.
    • The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace.
    • Once the agent is registered, fleet-controller will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart.
    • If no bootstrap secret exists, the agent will not re-register.

    Diagram​

    Process​

    Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster. +It's important to note that there are multiple ways to start this:

    • Creating a bootstrap config. Fleet does this for the local agent.
    • Creating a Cluster resource with a kubeconfig. Rancher does this for downstream clusters. See manager-initiated registration.
    • Create a ClusterRegistrationToken resource, optionally create a Cluster resource for a pre-defined (clientID) cluster. See agent-initiated registration.

    Registration

    Secrets​

    This diagram shows the resources created during registration and focuses on the k8s API server configuration.

    Registration Secrets

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/ref-resources.html b/0.9/ref-resources.html new file mode 100644 index 000000000..f250c4854 --- /dev/null +++ b/0.9/ref-resources.html @@ -0,0 +1,16 @@ + + + + + +List of Deployed Resources | Fleet + + + + +
    +
    Version: 0.9

    List of Deployed Resources

    After installing Fleet in Rancher these resources are created in the upstream cluster.

    TypeNameNamespace
    From Helm, intial setup:
    ClusterRolefleet-controller-
    ClusterRolegitjob-
    ClusterRoleBindingfleet-controller-
    ClusterRoleBindinggitjob-binding-
    ConfigMapfleet-controllercattle-fleet-system
    Deploymentfleet-controllercattle-fleet-system
    Deploymentgitjobcattle-fleet-system
    Rolefleet-controllercattle-fleet-system
    Rolegitjobcattle-fleet-system
    RoleBindingfleet-controllercattle-fleet-system
    RoleBindinggitjobcattle-fleet-system
    Servicegitjobcattle-fleet-system
    ServiceAccountfleet-controllercattle-fleet-system
    ServiceAccountgitjobcattle-fleet-system
    Generated:
    clusters.fleet.cattle.iolocalfleet-local
    clusters.provisioning.cattle.iolocalfleet-local
    clusters.management.cattle.iolocal-
    ClusterGroupdefaultfleet-local
    Bundlefleet-agent-localfleet-local
    For each registered cluster:
    clusters.provisioning.cattle.ioby default fleet-default
    clusters.management.cattle.iogenerated-
    clusters.fleet.cattle.iofleet-default
    Bundlefleet-default
    BundleDeploymentcluster-fleet-local-local-IDfleet-agent-local

    Also see [namespaces]

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/resources-during-deployment.html b/0.9/resources-during-deployment.html new file mode 100644 index 000000000..ee8557962 --- /dev/null +++ b/0.9/resources-during-deployment.html @@ -0,0 +1,16 @@ + + + + + +Custom Resources During Deployment | Fleet + + + + +
    +
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/troubleshooting.html b/0.9/troubleshooting.html new file mode 100644 index 000000000..1a1671fd9 --- /dev/null +++ b/0.9/troubleshooting.html @@ -0,0 +1,19 @@ + + + + + +Troubleshooting | Fleet + + + + +
    +
    Version: 0.9

    Troubleshooting

    This section contains commands and tips to troubleshoot Fleet.

    How Do I...​

    Fetch the log from fleet-controller?​

    In the local management cluster where the fleet-controller is deployed, run the following command with your specific fleet-controller pod name filled in:

    $ kubectl logs -l app=fleet-controller -n cattle-fleet-system

    Fetch the log from the fleet-agent?​

    Go to each downstream cluster and run the following command for the local cluster with your specific fleet-agent pod name filled in:

    # Downstream cluster
    $ kubectl logs -l app=fleet-agent -n cattle-fleet-system
    # Local cluster
    $ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system

    Fetch detailed error logs from GitRepos and Bundles?​

    Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:

    • For more information about the bundle, click on bundle, and the YAML mode will be enabled.
    • For more information about the GitRepo, click on GitRepo, then click on View Yaml in the upper right of the screen. After viewing the YAML, check status.conditions; a detailed error message should be displayed here.
    • Check the fleet-controller for synching errors.
    • Check the fleet-agent log in the downstream cluster if you encounter issues when deploying the bundle.

    Fetch detailed status from GitRepos and Bundles?​

    For debugging and bug reports the raw JSON of the resources status fields is most useful. +This can be accessed in the Rancher UI, or through kubectl:

    kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}
    kubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}

    Check a chart rendering error in Kustomize?​

    Check the fleet-controller logs and the fleet-agent logs.

    Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?​

    Check the gitjob-controller logs using the following command with your specific gitjob pod name filled in:

    $ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system

    Note that there are two containers inside the pod: the step-git-source container that clones the git repo, and the fleet container that applies bundles based on the git repo.

    The pods will usually have images named rancher/tekton-utils with the gitRepo name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific gitRepoName pod name and namespace:

    $ kubectl logs -f $gitRepoName-pod-name -n namespace

    Check the status of the fleet-controller?​

    You can check the status of the fleet-controller pods by running the commands below:

    kubectl -n cattle-fleet-system logs -l app=fleet-controller
    kubectl -n cattle-fleet-system get pods -l app=fleet-controller
    NAME                                READY   STATUS    RESTARTS   AGE
    fleet-controller-64f49d756b-n57wq   1/1     Running   0          3m21s

    Enable debug logging for fleet-controller and fleet-agent?​

    Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added.

    • Go to the Dashboard, then click on the local cluster in the left navigation menu
    • Select Apps & Marketplace, then Installed Apps from the dropdown
    • From there, you will upgrade the Fleet chart with the value debug=true. You can also set debugLevel=5 if desired.

    Additional Solutions for Other Fleet Issues​

    Naming conventions for CRDs​

    1. For CRD terms like clusters and gitrepos, you must reference the full CRD name. For example, the cluster CRD's complete name is cluster.fleet.cattle.io, and the gitrepo CRD's complete name is gitrepo.fleet.cattle.io.

    2. Bundles, which are created from the GitRepo, follow the pattern $gitrepoName-$path in the same workspace/namespace where the GitRepo was created. Note that $path is the path directory in the git repository that contains the bundle (fleet.yaml).

    3. BundleDeployments, which are created from the bundle, follow the pattern $bundleName-$clusterName in the namespace clusters-$workspace-$cluster-$generateHash. Note that $clusterName is the cluster to which the bundle will be deployed.

    HTTP secrets in Github​

    When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:

    1. Create a personal access token in Github.
    2. In Rancher, create an HTTP secret with your Github username.
    3. Use your token as the secret.

    Fleet fails with bad response code: 403​

    If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your fleet.yaml:

    time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"

    Perform the following steps to assess:

    • Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully
    • Check that your credentials for the git repo are valid

    Helm chart repo: certificate signed by unknown authority​

    If your GitJob returns the error below, you may have added the wrong certificate chain:

    time="2021-11-11T05:55:08Z" level=fatal msg="Get \"https://helm.intra/virtual-helm/index.yaml\": x509: certificate signed by unknown authority"

    Please verify your certificate with the following command:

    context=playground-local
    kubectl get secret -n fleet-default helm-repo -o jsonpath="{['data']['cacerts']}" --context $context | base64 -d | openssl x509 -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71
            Signature Algorithm: sha512WithRSAEncryption
            Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3
    ...

    Fleet deployment stuck in modified state​

    When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.

    To ignore the modified flag for the differences between the Helm install generated by fleet.yaml and the resource in your cluster, add a diff.comparePatches to the fleet.yaml for your Deployment, as shown in this example:

    defaultNamespace: <namespace name>
    helm:
      releaseName: <release name>
      repo: <repo name>
      chart: <chart name>
    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        operations:
        - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}
        - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}
        jsonPointers: # jsonPointers allows to ignore diffs at certain json path
        - "/spec/template/spec/priorityClassName"
        - "/spec/template/spec/tolerations"

    To determine which operations should be removed, observe the logs from fleet-agent on the target cluster. You should see entries similar to the following:

    level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\"spec\":{\"template\":{\"spec\":{\"hostNetwork\":false}}}}"

    Based on the above log, you can add the following entry to remove the operation:

    {"op":"remove", "path":"/spec/template/spec/hostNetwork"}

    GitRepo or Bundle stuck in modified state​

    Modified means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository.

    1. Check the bundle diffs documentation for more information.

    2. You can also force update the gitrepo to perform a manual resync. Select GitRepo on the left navigation bar, then select Force Update.

    Bundle has a Horizontal Pod Autoscaler (HPA) in modified state​

    For bundles with an HPA, the expected state is Modified, as the bundle contains fields that differ from the state of the Bundle at deployment - usually ReplicaSet.

    You must define a patch in the fleet.yaml to ignore this field according to GitRepo or Bundle stuck in modified state.

    Here is an example of such a patch for the deployment nginx in namespace default:

    diff:
      comparePatches:
      - apiVersion: apps/v1
        kind: Deployment
        name: nginx
        namespace: default
        operations:
        - {"op": "remove", "path": "/spec/replicas"}

    What if the cluster is unavailable, or is in a WaitCheckIn state?​

    You will need to re-import and restart the registration process: Select Cluster on the left navigation bar, then select Force Update

    caution

    WaitCheckIn status for Rancher v2.5: +The cluster will show in WaitCheckIn status because the fleet-controller is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the Rancher docs.

    GitRepo complains with gzip: invalid header​

    When you see an error like the one below ...

    Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header

    ... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content.

    Agent is no longer registered​

    You can force a redeployment of an agent for a given cluster by setting redeployAgentGeneration.

    kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p '[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]'

    Nested GitRepo CRs​

    Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available.

    Migrate the local cluster to the Fleet default cluster workspace?​

    Users can create new workspaces and move clusters across workspaces. +It's currently not possible to move the local cluster from fleet-local to another workspace.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/tut-deployment.html b/0.9/tut-deployment.html new file mode 100644 index 000000000..92af21af6 --- /dev/null +++ b/0.9/tut-deployment.html @@ -0,0 +1,20 @@ + + + + + +Creating a Deployment | Fleet + + + + +
    +
    Version: 0.9

    Creating a Deployment

    To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.

    This tutorial uses the fleet-examples repository.

    note

    For more details on how to structure the repository and configure the deployment of each bundle see GitRepo Contents. +For more details on the options that are available per Git repository see Adding a GitRepo.

    Single-Cluster Examples​

    All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet.

    An example using Helm. We are deploying the helm example to the local cluster.

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment:

    fleet.yaml
    namespace: fleet-helm-example

    # Custom helm options
    helm:
      # The release name to use. If empty a generated release name will be used
      releaseName: guestbook

      # The directory of the chart in the repo.  Also any valid go-getter supported
      # URL can be used there is specify where to download the chart from.
      # If repo below is set this value if the chart name in the repo
      chart: ""

      # An https to a valid Helm repository to download the chart from
      repo: ""

      # Used if repo is set to look up the version of the chart
      version: ""

      # Force recreate resource that can not be updated
      force: false

      # How long for helm to wait for the release to be active. If the value
      # is less that or equal to zero, we will not wait in Helm
      timeoutSeconds: 0

      # Custom values that will be passed as values.yaml to the installation
      values:
        replicas: 2

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-local namespace contains the local cluster resource. The local fleet-agent will create the deployment in the fleet-helm-example namespace.

    kubectl apply -n fleet-local -f - <<EOF
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - single-cluster/helm
    EOF

    Multi-Cluster Examples​

    The examples below will deploy a multi git repo to multiple clusters at once and configure the app differently for each target.

    An example using Helm. We are deploying the helm example and customizing it per target cluster

    The repository contains a helm chart and an optional fleet.yaml to configure the deployment. The fleet.yaml is used to configure different deployment options, depending on the cluster's labels:

    fleet.yaml
    namespace: fleet-mc-helm-example
    targetCustomizations:
    - name: dev
      helm:
        values:
          replication: false
      clusterSelector:
        matchLabels:
          env: dev

    - name: test
      helm:
        values:
          replicas: 3
      clusterSelector:
        matchLabels:
          env: test

    - name: prod
      helm:
        values:
          serviceType: LoadBalancer
          replicas: 3
      clusterSelector:
        matchLabels:
          env: prod

    To create the deployment, we apply the custom resource to the upstream cluster. The fleet-default namespace, by default, contains the downstream cluster resources. The chart will be deployed to all clusters in the fleet-default namespace, which have a labeled cluster resources that matches any entry under targets:.

    gitrepo.yaml
    kind: GitRepo
    apiVersion: fleet.cattle.io/v1alpha1
    metadata:
      name: helm
      namespace: fleet-default
    spec:
      repo: https://github.com/rancher/fleet-examples
      paths:
      - multi-cluster/helm
      targets:
      - name: dev
        clusterSelector:
          matchLabels:
            env: dev

      - name: test
        clusterSelector:
          matchLabels:
            env: test

      - name: prod
        clusterSelector:
          matchLabels:
            env: prod

    By applying the gitrepo resource to the upstream cluster, fleet will start to monitor the repository and create deployments:

    kubectl apply -n fleet-default -f gitrepo.yaml
    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/uninstall.html b/0.9/uninstall.html new file mode 100644 index 000000000..74c13e4eb --- /dev/null +++ b/0.9/uninstall.html @@ -0,0 +1,18 @@ + + + + + +Uninstall | Fleet + + + + +
    +
    Version: 0.9

    Uninstall

    Fleet is packaged as two Helm charts so uninstall is accomplished by +uninstalling the appropriate Helm charts. To uninstall Fleet run the following +two commands:

    helm -n cattle-fleet-system uninstall fleet
    helm -n cattle-fleet-system uninstall fleet-crd
    caution

    Uninstalling the CRDs will remove all deployed workloads.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/0.9/webhook.html b/0.9/webhook.html new file mode 100644 index 000000000..8772b44b3 --- /dev/null +++ b/0.9/webhook.html @@ -0,0 +1,18 @@ + + + + + +Using Webhooks Instead of Polling | Fleet + + + + +
    +
    Version: 0.9

    Using Webhooks Instead of Polling

    By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).

    For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling.

    Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs.

    1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.​

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: webhook-ingress
      namespace: cattle-fleet-system
    spec:
      rules:
      - host: your.domain.com
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: gitjob
                  port:
                    number: 80
    info

    You can configure TLS on ingress.

    2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.​

    Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default. +If your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the +secret, follow step 3.

    note

    only application/json is supported due to the limitation of webhook library.

    caution

    If you configured the webhook the polling interval will be automatically adjusted to 1 hour.

    3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.​

    ProviderK8s Secret Key
    GitHubgithub
    GitLabgitlab
    BitBucketbitbucket
    BitBucketServerbitbucket-server
    Gogsgogs

    For example, to create a secret containing a GitHub secret to validate the webhook payload, run:

    kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue

    4. Go to your git provider and test the connection. You should get a HTTP response code.​

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + + + \ No newline at end of file diff --git a/404.html b/404.html index 19fc29d62..05626a005 100644 --- a/404.html +++ b/404.html @@ -4,13 +4,13 @@ Page Not Found | Fleet - - + +
    -

    Page Not Found

    We could not find what you were looking for.

    Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +

    Page Not Found

    We could not find what you were looking for.

    Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/architecture.html b/architecture.html index 89f83757d..d0acc5f03 100644 --- a/architecture.html +++ b/architecture.html @@ -4,12 +4,12 @@ Architecture | Fleet - - + +
    -
    Version: Next 🚧

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These +

    Version: Next 🚧

    Architecture

    Fleet has two primary components. The Fleet manager and the cluster agents. These components work in a two-stage pull model. The Fleet manager will pull from git and the cluster agents will pull from the Fleet manager.

    Fleet Manager​

    The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes cluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no @@ -28,8 +28,8 @@ The cluster registration token is used only during the registration process to g to that cluster. After the cluster credential is established the cluster "forgets" the cluster registration token.

    The service accounts given to the clusters only have privileges to list BundleDeployment in the namespace created specifically for that cluster. It can also update the status subresource of BundleDeployment and the status -subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    - - +subresource of it's Cluster resource.

    Component Overview​

    An overview of the components and how they interact on a high level.

    Components

    Copyright © 2023 SUSE Rancher. All Rights Reserved.
    + + \ No newline at end of file diff --git a/assets/js/01b4035b.171af502.js b/assets/js/01b4035b.d15f02be.js similarity index 99% rename from assets/js/01b4035b.171af502.js rename to assets/js/01b4035b.d15f02be.js index dc4d38573..bec6b93b1 100644 --- a/assets/js/01b4035b.171af502.js +++ b/assets/js/01b4035b.d15f02be.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/gitrepo-content"},next:{title:"Custom Resources During Deployment",permalink:"/resources-during-deployment"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,"The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8002],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/docs/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/namespaces.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/gitrepo-content"},next:{title:"Custom Resources During Deployment",permalink:"/resources-during-deployment"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,"The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file diff --git a/assets/js/0209d9e7.597854d6.js b/assets/js/0209d9e7.83b2c779.js similarity index 98% rename from assets/js/0209d9e7.597854d6.js rename to assets/js/0209d9e7.83b2c779.js index f77fa5f0a..bc83b6b3b 100644 --- a/assets/js/0209d9e7.597854d6.js +++ b/assets/js/0209d9e7.83b2c779.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9766],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.7/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.7/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.7/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-gitrepo.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.7/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/0.7/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9766],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.7/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.7/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.7/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-gitrepo.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.7/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/0.7/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0252b8ff.b9d5cb88.js b/assets/js/0252b8ff.f09f2775.js similarity index 99% rename from assets/js/0252b8ff.b9d5cb88.js rename to assets/js/0252b8ff.f09f2775.js index e96d10fd8..23d99f892 100644 --- a/assets/js/0252b8ff.b9d5cb88.js +++ b/assets/js/0252b8ff.f09f2775.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4311],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.4/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.4/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.4/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-structure.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.4/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.4/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0364e902.885227cd.js b/assets/js/0364e902.7f26374a.js similarity index 98% rename from assets/js/0364e902.885227cd.js rename to assets/js/0364e902.7f26374a.js index 1eab4825e..b259d8ee2 100644 --- a/assets/js/0364e902.885227cd.js +++ b/assets/js/0364e902.7f26374a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1263],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.7/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.7/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.7/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/namespaces.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.7/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.7/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.7/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.7/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1263],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.7/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.7/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.7/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/namespaces.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.7/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.7/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.7/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.7/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file diff --git a/assets/js/07db75e5.fdaaf270.js b/assets/js/07db75e5.50683faf.js similarity index 98% rename from assets/js/07db75e5.fdaaf270.js rename to assets/js/07db75e5.50683faf.js index 67be5da0c..671879f99 100644 --- a/assets/js/07db75e5.fdaaf270.js +++ b/assets/js/07db75e5.50683faf.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7966],{6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},8469:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>s,metadata:()=>p,toc:()=>d});var a=n(7462),l=(n(7294),n(3905)),i=n(6828),r=n(814);const s={},o="Agent Initiated",p={unversionedId:"agent-initiated",id:"version-0.5/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.5/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.5/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/agent-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"}},c={},d=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],u={toc:d};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",i.d["v0.5"].fleetAgent),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/095d9053.4f6c5caa.js b/assets/js/095d9053.ff8f1ff1.js similarity index 99% rename from assets/js/095d9053.4f6c5caa.js rename to assets/js/095d9053.ff8f1ff1.js index b5ca983f8..1ddb44f89 100644 --- a/assets/js/095d9053.4f6c5caa.js +++ b/assets/js/095d9053.ff8f1ff1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6700],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"version-0.8/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.8/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.8/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-targets.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.8/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.8/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n # Match everything\n - clusterSelector: {}\n # Selector ignored\n - clusterSelector: null\n")),(0,r.kt)("p",null,"You can also match clusters by name:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n - clusterName: fleetname\n")),(0,r.kt)("p",null,"When using Fleet in Rancher, make sure to put the name of the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource."),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6700],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"version-0.8/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.8/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.8/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-targets.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.8/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.8/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n # Match everything\n - clusterSelector: {}\n # Selector ignored\n - clusterSelector: null\n")),(0,r.kt)("p",null,"You can also match clusters by name:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n - clusterName: fleetname\n")),(0,r.kt)("p",null,"When using Fleet in Rancher, make sure to put the name of the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource."),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0a06c365.1c5ae544.js b/assets/js/0a06c365.50ec83d7.js similarity index 98% rename from assets/js/0a06c365.1c5ae544.js rename to assets/js/0a06c365.50ec83d7.js index 24234562f..a56e87f4c 100644 --- a/assets/js/0a06c365.1c5ae544.js +++ b/assets/js/0a06c365.50ec83d7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>m,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function m(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}m.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1371],{6828:(e,t,n)=>{n.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},2615:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>m,frontMatter:()=>i,metadata:()=>c,toc:()=>p});var l=n(7462),a=(n(7294),n(3905)),r=n(6828),s=n(814);const i={},o="Multi Cluster Install",c={unversionedId:"multi-cluster-install",id:"version-0.5/multi-cluster-install",title:"Multi Cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.5/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.5/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/multi-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.5/uninstall"}},u={},p=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],d={toc:p};function m(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,l.Z)({},d,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"multi-cluster-install"},"Multi Cluster Install"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,a.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,a.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,a.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,a.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,a.kt)("h3",{id:"helm-3"},"Helm 3"),(0,a.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,a.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,a.kt)("p",null,"macOS"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Windows"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,a.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,a.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,a.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,a.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,a.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,a.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,a.kt)("p",null,"Please note that the ",(0,a.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,a.kt)("p",null,"If you have ",(0,a.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,a.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,a.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,a.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,a.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,a.kt)("p",null,"Run the following commands"),(0,a.kt)("p",null,"Setup the environment with your specific values."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,a.kt)("p",null,"First validate the server URL is correct."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,a.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,a.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,a.kt)("p",null,"If you get a valid JSON response or an ",(0,a.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,a.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,a.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,a.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,a.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,a.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.5"].fleetCRD),(0,a.kt)("p",null,"Second install the Fleet controllers."),(0,a.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet'," ",r.d["v0.5"].fleet),(0,a.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview"},"register clusters")," and ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}m.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>l});const l=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/0ab79735.a260535e.js b/assets/js/0ab79735.8b96b6b7.js similarity index 99% rename from assets/js/0ab79735.a260535e.js rename to assets/js/0ab79735.8b96b6b7.js index 74ff7727e..ba3188351 100644 --- a/assets/js/0ab79735.a260535e.js +++ b/assets/js/0ab79735.8b96b6b7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7333],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4951:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.8/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.8/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.8/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/installation.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources During Deployment",permalink:"/0.8/resources-during-deployment"},next:{title:"Register Downstream Clusters",permalink:"/0.8/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7333],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4951:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.8/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.8/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.8/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/installation.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources During Deployment",permalink:"/0.8/resources-during-deployment"},next:{title:"Register Downstream Clusters",permalink:"/0.8/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.8/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/0acb2694.457639cb.js b/assets/js/0acb2694.894e1f43.js similarity index 97% rename from assets/js/0acb2694.457639cb.js rename to assets/js/0acb2694.894e1f43.js index 882df760a..2ecd6bbe6 100644 --- a/assets/js/0acb2694.457639cb.js +++ b/assets/js/0acb2694.894e1f43.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[961],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.8/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.8/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.8/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.8/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[961],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.8/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.8/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.8/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.8/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0bd7b06f.b78f34e7.js b/assets/js/0bd7b06f.4fc500f6.js similarity index 94% rename from assets/js/0bd7b06f.b78f34e7.js rename to assets/js/0bd7b06f.4fc500f6.js index 2020cc4d8..a3ba52348 100644 --- a/assets/js/0bd7b06f.b78f34e7.js +++ b/assets/js/0bd7b06f.4fc500f6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6422],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function l(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):l(l({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,l(l({ref:t},d),{},{components:a})):n.createElement(u,l({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,l=new Array(i);l[0]=m;var o={};for(var p in t)hasOwnProperty.call(t,p)&&(o[p]=t[p]);o.originalType=e,o.mdxType="string"==typeof e?e:r,l[1]=o;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>l,default:()=>c,frontMatter:()=>i,metadata:()=>o,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},l="Create a GitRepo Resource",o={unversionedId:"gitrepo-add",id:"version-0.7/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.7/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.7/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-add.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.7/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.7/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.7/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6422],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,o(o({ref:t},d),{},{components:a})):n.createElement(u,o({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var l={};for(var p in t)hasOwnProperty.call(t,p)&&(l[p]=t[p]);l.originalType=e,l.mdxType="string"==typeof e?e:r,o[1]=l;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>c,frontMatter:()=>i,metadata:()=>l,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",l={unversionedId:"gitrepo-add",id:"version-0.7/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.7/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.7/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-add.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.7/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.7/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.7/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0ce1d2b6.339f038e.js b/assets/js/0ce1d2b6.2af6a878.js similarity index 99% rename from assets/js/0ce1d2b6.339f038e.js rename to assets/js/0ce1d2b6.2af6a878.js index 5e5fff24c..4ad14ffd3 100644 --- a/assets/js/0ce1d2b6.339f038e.js +++ b/assets/js/0ce1d2b6.2af6a878.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8646],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"version-0.6/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.6/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.6/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-content.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.6/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.6/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.6/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8646],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=i(e,["components","mdxType","originalType","parentName"]),m=p(n),u=r,h=m["".concat(s,".").concat(u)]||m[u]||c[u]||l;return n?a.createElement(h,o(o({ref:t},d),{},{components:n})):a.createElement(h,o({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>c,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Git Repository Contents",i={unversionedId:"gitrepo-content",id:"version-0.6/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.6/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.6/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-content.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.6/namespaces"}},s={},p=[{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function c(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.6/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.6/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.6/cluster-bundles-state"},"Cluster and Bundle state"),"."))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0db4760e.e4ec5773.js b/assets/js/0db4760e.22e0da4b.js similarity index 98% rename from assets/js/0db4760e.e4ec5773.js rename to assets/js/0db4760e.22e0da4b.js index ab0f02548..17ee0022b 100644 --- a/assets/js/0db4760e.e4ec5773.js +++ b/assets/js/0db4760e.22e0da4b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2771],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"version-0.6/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.6/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.6/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-add.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.6/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.6/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2771],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),l=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},c=function(e){var t=l(e.components);return n.createElement(p.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=l(a),d=r,k=m["".concat(p,".").concat(d)]||m[d]||u[d]||i;return a?n.createElement(k,o(o({ref:t},c),{},{components:a})):n.createElement(k,o({ref:t},c))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var s={};for(var p in t)hasOwnProperty.call(t,p)&&(s[p]=t[p]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var l=2;l{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>l});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",s={unversionedId:"gitrepo-add",id:"version-0.6/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.6/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.6/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-add.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.6/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"}},p={},l=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:l};function u(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.6/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Split them into different gitrepos, or use\n",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.6/troubleshooting"},"here"),".")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0e3fdb5a.85e6de4c.js b/assets/js/0e3fdb5a.85e6de4c.js new file mode 100644 index 000000000..dc6e98f0f --- /dev/null +++ b/assets/js/0e3fdb5a.85e6de4c.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5512],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,o(o({ref:t},d),{},{components:a})):n.createElement(u,o({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var l={};for(var p in t)hasOwnProperty.call(t,p)&&(l[p]=t[p]);l.originalType=e,l.mdxType="string"==typeof e?e:r,o[1]=l;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>c,frontMatter:()=>i,metadata:()=>l,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",l={unversionedId:"gitrepo-add",id:"version-0.9/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.9/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.9/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/gitrepo-add.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.9/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.9/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.9/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/0.9/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.9/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.9/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.9/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.9/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0e50cd4d.9f4bda82.js b/assets/js/0e50cd4d.1762ebb5.js similarity index 96% rename from assets/js/0e50cd4d.9f4bda82.js rename to assets/js/0e50cd4d.1762ebb5.js index 5d5473fc3..55ab9ebab 100644 --- a/assets/js/0e50cd4d.9f4bda82.js +++ b/assets/js/0e50cd4d.1762ebb5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6560],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.5/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.5/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.5/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-group.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.5/manager-initiated"},next:{title:"Namespaces",permalink:"/0.5/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/0f38f188.0eca7fcd.js b/assets/js/0f38f188.33602069.js similarity index 98% rename from assets/js/0f38f188.0eca7fcd.js rename to assets/js/0f38f188.33602069.js index 859d81fe4..185dbb18d 100644 --- a/assets/js/0f38f188.0eca7fcd.js +++ b/assets/js/0f38f188.33602069.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6266],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.7/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.7/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.7/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/webhook.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.7/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.7/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6266],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.7/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.7/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.7/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/webhook.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.7/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.7/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/10f03480.a7a8fb1f.js b/assets/js/10f03480.b6d4e5e7.js similarity index 98% rename from assets/js/10f03480.a7a8fb1f.js rename to assets/js/10f03480.b6d4e5e7.js index 8e0a728d3..3580711e9 100644 --- a/assets/js/10f03480.a7a8fb1f.js +++ b/assets/js/10f03480.b6d4e5e7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5945],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.4/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.4/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.4/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/examples.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.4/architecture"},next:{title:"Overview",permalink:"/0.4/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.4/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.4/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.4/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/11f54a6a.a26f6fa7.js b/assets/js/11f54a6a.30a304a0.js similarity index 99% rename from assets/js/11f54a6a.a26f6fa7.js rename to assets/js/11f54a6a.30a304a0.js index 4691d6520..960a01ff6 100644 --- a/assets/js/11f54a6a.a26f6fa7.js +++ b/assets/js/11f54a6a.30a304a0.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7301],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.5/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.5/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.5/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-add.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.5/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.5/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/126a9cd0.a737c806.js b/assets/js/126a9cd0.a737c806.js new file mode 100644 index 000000000..578ce4466 --- /dev/null +++ b/assets/js/126a9cd0.a737c806.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8985],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,s(s({ref:t},u),{},{components:r})):n.createElement(m,s({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,s=new Array(i);s[0]=d;var o={};for(var l in t)hasOwnProperty.call(t,l)&&(o[l]=t[l]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},s="Cluster Registration Internals",o={unversionedId:"ref-registration",id:"version-0.9/ref-registration",title:"Cluster Registration Internals",description:"How does cluster registration work?",source:"@site/versioned_docs/version-0.9/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.9/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-registration.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.9/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.9/ref-configuration"}},l={},c=[{value:"How does cluster registration work?",id:"how-does-cluster-registration-work",level:2},{value:"Cluster first",id:"cluster-first",level:4},{value:"Cluster -> ClusterRegistrationToken + Import Account",id:"cluster---clusterregistrationtoken--import-account",level:4},{value:"Fleet-Agent -> ClusterRegistration",id:"fleet-agent---clusterregistration",level:4},{value:"Notes",id:"notes",level:3},{value:"Diagram",id:"diagram",level:2},{value:"Process",id:"process",level:3},{value:"Secrets",id:"secrets",level:3}],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("h2",{id:"how-does-cluster-registration-work"},"How does cluster registration work?"),(0,a.kt)("p",null,"This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it\u2019s not commonly used.\n",(0,a.kt)("a",{parentName:"p",href:"/0.9/cluster-registration#agent-initiated"},"Agent initiated registration")," is ",(0,a.kt)("a",{parentName:"p",href:"/0.9/cluster-registration#create-cluster-registration-tokens"},'"',(0,a.kt)("inlineCode",{parentName:"a"},"ClusterRegistrationToken"),' first"'),", which means pre-creating a cluster is optional."),(0,a.kt)("p",null,'See "',(0,a.kt)("a",{parentName:"p",href:"/0.9/cluster-registration"},"Register Downstream Clusters"),'" to learn how to register clusters.'),(0,a.kt)("h4",{id:"cluster-first"},"Cluster first"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller"),' starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.'),(0,a.kt)("p",null,"For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret."),(0,a.kt)("h4",{id:"cluster---clusterregistrationtoken--import-account"},"Cluster -> ClusterRegistrationToken + Import Account"),(0,a.kt)("p",null,"Now that a cluster resource exists, ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and runs ",(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," to create the fleet-agent deployment.\u2028",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," also creates a ",(0,a.kt)("a",{parentName:"p",href:"/0.9/architecture#security"},(0,a.kt)("inlineCode",{parentName:"a"},"clusterregistrationtoken"))," and waits for it to be complete. The ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistationtoken")," triggers the creation of the import service account, which can create ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistrations"),' and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system").\nThe ',(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," will enqueue itself until the import service account exists, because that\u2019s needed to create the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret.\nNow, the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," and the bootstrap secret are present on the downstream cluster"),(0,a.kt)("h4",{id:"fleet-agent---clusterregistration"},"Fleet-Agent -> ClusterRegistration"),(0,a.kt)("p",null,"Immediately the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," checks for a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret (which contains the import kubeconfig) and starts registering if present. Then ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret\u2019s name."),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and tries to grant the clusterregistration request to create ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent"),"\u2019s serviceaccount and create the ",(0,a.kt)("inlineCode",{parentName:"p"},"\u2018c-*\u2019")," registration secret with the clients new kubeconfig.\nThe registration secret name is ",(0,a.kt)("inlineCode",{parentName:"p"},'hash("clientID-clientRandom")'),'. The new kubeconfig uses the "request" account. The request account can access the cluster status, ',(0,a.kt)("inlineCode",{parentName:"p"},"bundledeployments")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"contents"),"."),(0,a.kt)("h3",{id:"notes"},"Notes"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},'The registration starts with the "import" account and pivots to the "request" account.'),(0,a.kt)("li",{parentName:"ul"},"The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace."),(0,a.kt)("li",{parentName:"ul"},"Once the agent is registered, ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart."),(0,a.kt)("li",{parentName:"ul"},"If no bootstrap secret exists, the agent will not re-register.")),(0,a.kt)("h2",{id:"diagram"},"Diagram"),(0,a.kt)("h3",{id:"process"},"Process"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.9/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.9/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})),(0,a.kt)("h3",{id:"secrets"},"Secrets"),(0,a.kt)("p",null,"This diagram shows the resources created during registration and focuses on the k8s API server configuration."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration Secrets",src:r(4408).Z,width:"1581",height:"4162"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"},4408:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistrationSecrets-deae20b127f82ebcf32a5c593b53b912.svg"}}]); \ No newline at end of file diff --git a/assets/js/12f4838b.5a96d00e.js b/assets/js/12f4838b.458eae3f.js similarity index 98% rename from assets/js/12f4838b.5a96d00e.js rename to assets/js/12f4838b.458eae3f.js index 4b09db267..d3715b179 100644 --- a/assets/js/12f4838b.5a96d00e.js +++ b/assets/js/12f4838b.458eae3f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8795],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.5/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.5/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.5/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/manager-initiated.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.5/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/140acae8.6c425118.js b/assets/js/140acae8.5ef1499d.js similarity index 98% rename from assets/js/140acae8.6c425118.js rename to assets/js/140acae8.5ef1499d.js index 16b743e29..adc081364 100644 --- a/assets/js/140acae8.6c425118.js +++ b/assets/js/140acae8.5ef1499d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6351],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.7/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.7/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.7/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-fleet-yaml.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.7/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.7/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6351],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.7/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.7/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.7/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-fleet-yaml.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.7/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.7/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/167e2e0a.d0272729.js b/assets/js/167e2e0a.317675a7.js similarity index 97% rename from assets/js/167e2e0a.d0272729.js rename to assets/js/167e2e0a.317675a7.js index f862c1e45..7abd2fcf1 100644 --- a/assets/js/167e2e0a.d0272729.js +++ b/assets/js/167e2e0a.317675a7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4552],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.8/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.8/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.8/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.8/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4552],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.8/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.8/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.8/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.8/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/170989a3.fd2f77fb.js b/assets/js/170989a3.13f5c096.js similarity index 97% rename from assets/js/170989a3.fd2f77fb.js rename to assets/js/170989a3.13f5c096.js index 5cc99158c..391226e72 100644 --- a/assets/js/170989a3.fd2f77fb.js +++ b/assets/js/170989a3.13f5c096.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7107],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.6/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.6/index.md",sourceDirName:".",slug:"/",permalink:"/0.6/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/index.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.6/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7107],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.6/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.6/index.md",sourceDirName:".",slug:"/",permalink:"/0.6/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/index.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.6/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/18f4f7da.7a62b7d0.js b/assets/js/18f4f7da.7a62b7d0.js new file mode 100644 index 000000000..ecb3a05bc --- /dev/null +++ b/assets/js/18f4f7da.7a62b7d0.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6502],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function r(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=o,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||l;return n?a.createElement(f,r(r({ref:t},c),{},{components:n})):a.createElement(f,r({ref:t},c))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,r=new Array(l);r[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>s,toc:()=>u});var a=n(7462),o=(n(7294),n(3905));const l={},r="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.9/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.9/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.9/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-fleet-yaml.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.9/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.9/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,o.kt)("p",null,"For more information on how to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,o.kt)("a",{parentName:"p",href:"/0.9/gitrepo-content"},"Git Repository Contents"),"."),(0,o.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,o.kt)("h3",{id:"reference"},"Reference"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# namespaceLabels are labels that will be appended to the namespace created by Fleet.\nnamespaceLabels:\n key: value\n# namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.\nnamespaceAnnotations:\n key: value\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n ### These options control how "fleet apply" downloads the chart\n #\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n\n ### These options only work for helm-type bundles\n #\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n\n ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.\n #\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # Disable DNS resolution in Helm\'s template functions\n disableDNS: false\n # Skip evaluation of the values.schema.json file\n skipSchemaValidation: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. When using Fleet in\n # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # Resources will not be deployed in the matched clusters if doNotDeploy is true.\n doNotDeploy: false\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:\n # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n\n# Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.\noverrideTargets:\n - clusterSelector:\n matchLabels:\n env: dev\n\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/1bd61b9d.0b16f103.js b/assets/js/1bd61b9d.89ff5a35.js similarity index 99% rename from assets/js/1bd61b9d.0b16f103.js rename to assets/js/1bd61b9d.89ff5a35.js index 141d04281..9a1266012 100644 --- a/assets/js/1bd61b9d.0b16f103.js +++ b/assets/js/1bd61b9d.89ff5a35.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6950],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.6/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.6/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.6/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/bundle-diffs.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6950],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.6/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.6/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.6/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/bundle-diffs.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.6/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/1f14308a.ac059e1a.js b/assets/js/1f14308a.ca8a114b.js similarity index 97% rename from assets/js/1f14308a.ac059e1a.js rename to assets/js/1f14308a.ca8a114b.js index 3c0060de6..7a1c00118 100644 --- a/assets/js/1f14308a.ac059e1a.js +++ b/assets/js/1f14308a.ca8a114b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4728],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.5/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.5/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.5/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/imagescan.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.5/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/1f330703.228894e7.js b/assets/js/1f330703.b099cbf2.js similarity index 98% rename from assets/js/1f330703.228894e7.js rename to assets/js/1f330703.b099cbf2.js index 1065b8513..ce6684e87 100644 --- a/assets/js/1f330703.228894e7.js +++ b/assets/js/1f330703.b099cbf2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8134],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.8/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.8/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.8/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/architecture.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.8/uninstall"},next:{title:"Core Concepts",permalink:"/0.8/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8134],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.8/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.8/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.8/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/architecture.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.8/uninstall"},next:{title:"Core Concepts",permalink:"/0.8/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/1f8b8b7b.f5b68231.js b/assets/js/1f8b8b7b.02d2b164.js similarity index 96% rename from assets/js/1f8b8b7b.f5b68231.js rename to assets/js/1f8b8b7b.02d2b164.js index 6ba09f9ef..1644052fd 100644 --- a/assets/js/1f8b8b7b.f5b68231.js +++ b/assets/js/1f8b8b7b.02d2b164.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9733],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.8/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.8/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.8/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/uninstall.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.8/tut-deployment"},next:{title:"Architecture",permalink:"/0.8/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9733],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.8/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.8/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.8/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/uninstall.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.8/tut-deployment"},next:{title:"Architecture",permalink:"/0.8/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/1fec2b35.73264e50.js b/assets/js/1fec2b35.5aa52915.js similarity index 96% rename from assets/js/1fec2b35.73264e50.js rename to assets/js/1fec2b35.5aa52915.js index 6c99f5dc9..f6c351e62 100644 --- a/assets/js/1fec2b35.73264e50.js +++ b/assets/js/1fec2b35.5aa52915.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3325],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.4/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.4/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.4/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-bundles-state.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.4/imagescan"},next:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/20889235.cc4e01e4.js b/assets/js/20889235.d0ac9730.js similarity index 97% rename from assets/js/20889235.cc4e01e4.js rename to assets/js/20889235.d0ac9730.js index eb72a8bd9..0358930bc 100644 --- a/assets/js/20889235.cc4e01e4.js +++ b/assets/js/20889235.d0ac9730.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1043],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.7/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.7/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.7/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-group.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.7/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.7/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1043],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.7/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.7/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.7/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-group.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.7/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.7/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/21d02ecb.df14eb76.js b/assets/js/21d02ecb.fca633e5.js similarity index 98% rename from assets/js/21d02ecb.df14eb76.js rename to assets/js/21d02ecb.fca633e5.js index 74da66342..0f8d2d56e 100644 --- a/assets/js/21d02ecb.df14eb76.js +++ b/assets/js/21d02ecb.fca633e5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6985],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,s(s({ref:t},u),{},{components:r})):n.createElement(m,s({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,s=new Array(i);s[0]=d;var o={};for(var l in t)hasOwnProperty.call(t,l)&&(o[l]=t[l]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},s="Cluster Registration Internals",o={unversionedId:"ref-registration",id:"version-0.8/ref-registration",title:"Cluster Registration Internals",description:"How does cluster registration work?",source:"@site/versioned_docs/version-0.8/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.8/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-registration.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.8/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.8/ref-configuration"}},l={},c=[{value:"How does cluster registration work?",id:"how-does-cluster-registration-work",level:2},{value:"Cluster first",id:"cluster-first",level:4},{value:"Cluster -> ClusterRegistrationToken + Import Account",id:"cluster---clusterregistrationtoken--import-account",level:4},{value:"Fleet-Agent -> ClusterRegistration",id:"fleet-agent---clusterregistration",level:4},{value:"Notes",id:"notes",level:3},{value:"Diagram",id:"diagram",level:2},{value:"Process",id:"process",level:3},{value:"Secrets",id:"secrets",level:3}],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("h2",{id:"how-does-cluster-registration-work"},"How does cluster registration work?"),(0,a.kt)("p",null,"This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it\u2019s not commonly used.\n",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#agent-initiated"},"Agent initiated registration")," is ",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#create-cluster-registration-tokens"},'"',(0,a.kt)("inlineCode",{parentName:"a"},"ClusterRegistrationToken"),' first"'),", which means pre-creating a cluster is optional."),(0,a.kt)("p",null,'See "',(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration"},"Register Downstream Clusters"),'" to learn how to register clusters.'),(0,a.kt)("h4",{id:"cluster-first"},"Cluster first"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller"),' starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.'),(0,a.kt)("p",null,"For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret."),(0,a.kt)("h4",{id:"cluster---clusterregistrationtoken--import-account"},"Cluster -> ClusterRegistrationToken + Import Account"),(0,a.kt)("p",null,"Now that a cluster resource exists, ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and runs ",(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," to create the fleet-agent deployment.\u2028",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," also creates a ",(0,a.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},(0,a.kt)("inlineCode",{parentName:"a"},"clusterregistrationtoken"))," and waits for it to be complete. The ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistationtoken")," triggers the creation of the import service account, which can create ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistrations"),' and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system").\nThe ',(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," will enqueue itself until the import service account exists, because that\u2019s needed to create the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret.\nNow, the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," and the bootstrap secret are present on the downstream cluster"),(0,a.kt)("h4",{id:"fleet-agent---clusterregistration"},"Fleet-Agent -> ClusterRegistration"),(0,a.kt)("p",null,"Immediately the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," checks for a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret (which contains the import kubeconfig) and starts registering if present. Then ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret\u2019s name."),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and tries to grant the clusterregistration request to create ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent"),"\u2019s serviceaccount and create the ",(0,a.kt)("inlineCode",{parentName:"p"},"\u2018c-*\u2019")," registration secret with the clients new kubeconfig.\nThe registration secret name is ",(0,a.kt)("inlineCode",{parentName:"p"},'hash("clientID-clientRandom")'),'. The new kubeconfig uses the "request" account. The request account can access the cluster status, ',(0,a.kt)("inlineCode",{parentName:"p"},"bundledeployments")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"contents"),"."),(0,a.kt)("h3",{id:"notes"},"Notes"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},'The registration starts with the "import" account and pivots to the "request" account.'),(0,a.kt)("li",{parentName:"ul"},"The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace."),(0,a.kt)("li",{parentName:"ul"},"Once the agent is registered, ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart."),(0,a.kt)("li",{parentName:"ul"},"If no bootstrap secret exists, the agent will not re-register.")),(0,a.kt)("h2",{id:"diagram"},"Diagram"),(0,a.kt)("h3",{id:"process"},"Process"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.8/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.8/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})),(0,a.kt)("h3",{id:"secrets"},"Secrets"),(0,a.kt)("p",null,"This diagram shows the resources created during registration and focuses on the k8s API server configuration."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration Secrets",src:r(4408).Z,width:"1581",height:"4162"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"},4408:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistrationSecrets-deae20b127f82ebcf32a5c593b53b912.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6985],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,s(s({ref:t},u),{},{components:r})):n.createElement(m,s({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,s=new Array(i);s[0]=d;var o={};for(var l in t)hasOwnProperty.call(t,l)&&(o[l]=t[l]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},s="Cluster Registration Internals",o={unversionedId:"ref-registration",id:"version-0.8/ref-registration",title:"Cluster Registration Internals",description:"How does cluster registration work?",source:"@site/versioned_docs/version-0.8/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.8/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-registration.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.8/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.8/ref-configuration"}},l={},c=[{value:"How does cluster registration work?",id:"how-does-cluster-registration-work",level:2},{value:"Cluster first",id:"cluster-first",level:4},{value:"Cluster -> ClusterRegistrationToken + Import Account",id:"cluster---clusterregistrationtoken--import-account",level:4},{value:"Fleet-Agent -> ClusterRegistration",id:"fleet-agent---clusterregistration",level:4},{value:"Notes",id:"notes",level:3},{value:"Diagram",id:"diagram",level:2},{value:"Process",id:"process",level:3},{value:"Secrets",id:"secrets",level:3}],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("h2",{id:"how-does-cluster-registration-work"},"How does cluster registration work?"),(0,a.kt)("p",null,"This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it\u2019s not commonly used.\n",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#agent-initiated"},"Agent initiated registration")," is ",(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration#create-cluster-registration-tokens"},'"',(0,a.kt)("inlineCode",{parentName:"a"},"ClusterRegistrationToken"),' first"'),", which means pre-creating a cluster is optional."),(0,a.kt)("p",null,'See "',(0,a.kt)("a",{parentName:"p",href:"/0.8/cluster-registration"},"Register Downstream Clusters"),'" to learn how to register clusters.'),(0,a.kt)("h4",{id:"cluster-first"},"Cluster first"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller"),' starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.'),(0,a.kt)("p",null,"For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret."),(0,a.kt)("h4",{id:"cluster---clusterregistrationtoken--import-account"},"Cluster -> ClusterRegistrationToken + Import Account"),(0,a.kt)("p",null,"Now that a cluster resource exists, ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and runs ",(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," to create the fleet-agent deployment.\u2028",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," also creates a ",(0,a.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},(0,a.kt)("inlineCode",{parentName:"a"},"clusterregistrationtoken"))," and waits for it to be complete. The ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistationtoken")," triggers the creation of the import service account, which can create ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistrations"),' and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system").\nThe ',(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," will enqueue itself until the import service account exists, because that\u2019s needed to create the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret.\nNow, the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," and the bootstrap secret are present on the downstream cluster"),(0,a.kt)("h4",{id:"fleet-agent---clusterregistration"},"Fleet-Agent -> ClusterRegistration"),(0,a.kt)("p",null,"Immediately the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," checks for a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret (which contains the import kubeconfig) and starts registering if present. Then ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret\u2019s name."),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and tries to grant the clusterregistration request to create ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent"),"\u2019s serviceaccount and create the ",(0,a.kt)("inlineCode",{parentName:"p"},"\u2018c-*\u2019")," registration secret with the clients new kubeconfig.\nThe registration secret name is ",(0,a.kt)("inlineCode",{parentName:"p"},'hash("clientID-clientRandom")'),'. The new kubeconfig uses the "request" account. The request account can access the cluster status, ',(0,a.kt)("inlineCode",{parentName:"p"},"bundledeployments")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"contents"),"."),(0,a.kt)("h3",{id:"notes"},"Notes"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},'The registration starts with the "import" account and pivots to the "request" account.'),(0,a.kt)("li",{parentName:"ul"},"The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace."),(0,a.kt)("li",{parentName:"ul"},"Once the agent is registered, ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart."),(0,a.kt)("li",{parentName:"ul"},"If no bootstrap secret exists, the agent will not re-register.")),(0,a.kt)("h2",{id:"diagram"},"Diagram"),(0,a.kt)("h3",{id:"process"},"Process"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.8/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.8/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})),(0,a.kt)("h3",{id:"secrets"},"Secrets"),(0,a.kt)("p",null,"This diagram shows the resources created during registration and focuses on the k8s API server configuration."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration Secrets",src:r(4408).Z,width:"1581",height:"4162"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"},4408:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistrationSecrets-deae20b127f82ebcf32a5c593b53b912.svg"}}]); \ No newline at end of file diff --git a/assets/js/22b369d5.e77b22ec.js b/assets/js/22b369d5.8be4e519.js similarity index 96% rename from assets/js/22b369d5.e77b22ec.js rename to assets/js/22b369d5.8be4e519.js index a16cd911c..1b4f67a99 100644 --- a/assets/js/22b369d5.e77b22ec.js +++ b/assets/js/22b369d5.8be4e519.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.4/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.4/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.4/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/uninstall.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/246340c6.34327f0b.js b/assets/js/246340c6.3f1c724e.js similarity index 98% rename from assets/js/246340c6.34327f0b.js rename to assets/js/246340c6.3f1c724e.js index e1aea80e4..fd9335db0 100644 --- a/assets/js/246340c6.34327f0b.js +++ b/assets/js/246340c6.3f1c724e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4508],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.6/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.6/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.6/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-targets.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("admonition",{title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will deploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed etcd's\nconfigured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4508],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),p=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=r,h=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.6/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.6/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.6/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/gitrepo-targets.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"}},i={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Additional Examples",id:"additional-examples",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("admonition",{title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will deploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed etcd's\nconfigured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details.")),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/250ffcdd.8c2c87ef.js b/assets/js/250ffcdd.b971ee22.js similarity index 95% rename from assets/js/250ffcdd.8c2c87ef.js rename to assets/js/250ffcdd.b971ee22.js index e2c97f243..206bfe8fa 100644 --- a/assets/js/250ffcdd.8c2c87ef.js +++ b/assets/js/250ffcdd.b971ee22.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5519],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.8/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.8/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.8/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/troubleshooting.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/0.8/ref-bundle"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.8/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5519],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.8/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.8/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.8/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/troubleshooting.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/0.8/ref-bundle"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.8/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2579085f.f209420e.js b/assets/js/2579085f.d7d70f0c.js similarity index 99% rename from assets/js/2579085f.f209420e.js rename to assets/js/2579085f.d7d70f0c.js index 780b95c5f..b8b76af68 100644 --- a/assets/js/2579085f.f209420e.js +++ b/assets/js/2579085f.d7d70f0c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1732],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},8650:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.8/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.8/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.8/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/tut-deployment.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.8/quickstart"},next:{title:"Uninstall",permalink:"/0.8/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},8650:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.8/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.8/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.8/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/tut-deployment.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.8/quickstart"},next:{title:"Uninstall",permalink:"/0.8/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.7/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.7/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.7/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-registration.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.7/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.7/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.7/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.7/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4717],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.7/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.7/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.7/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-registration.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.7/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.7/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.7/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.7/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file diff --git a/assets/js/2a9b5780.8c824699.js b/assets/js/2a9b5780.8c824699.js new file mode 100644 index 000000000..7e18e0045 --- /dev/null +++ b/assets/js/2a9b5780.8c824699.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7076],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),m=r,h=u["".concat(s,".").concat(m)]||u[m]||d[m]||l;return n?a.createElement(h,o(o({ref:t},p),{},{components:n})):a.createElement(h,o({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},o="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"version-0.9/bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/versioned_docs/version-0.9/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/0.9/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/bundle-add.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.9/imagescan"},next:{title:"fleet-agent",permalink:"/0.9/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2},{value:"Convert a Helm Chart into a Bundle",id:"convert-a-helm-chart-into-a-bundle",level:2}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."),(0,r.kt)("h2",{id:"convert-a-helm-chart-into-a-bundle"},"Convert a Helm Chart into a Bundle"),(0,r.kt)("p",null,"You can use the Fleet CLI to convert a Helm chart into a bundle."),(0,r.kt)("p",null,'For example, you can download and convert the "external secrets" operator chart like this:'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"cat > targets.yaml < app/fleet.yaml < eso-bundle.yaml\n\nkubectl apply -f eso-bundle.yaml\n")),(0,r.kt)("p",null,"Make sure you use a cluster selector in ",(0,r.kt)("inlineCode",{parentName:"p"},"targets.yaml"),", that matches all clusters you want to deploy to."),(0,r.kt)("p",null,"The blog post on ",(0,r.kt)("a",{parentName:"p",href:"https://www.suse.com/c/rancher_blog/fleet-multi-cluster-deployment-with-the-help-of-external-secrets/"},"Fleet: Multi-Cluster Deployment with the Help of External Secrets")," has more information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2c86db16.1e09bfe9.js b/assets/js/2c86db16.00eb8bef.js similarity index 98% rename from assets/js/2c86db16.1e09bfe9.js rename to assets/js/2c86db16.00eb8bef.js index 55f596925..f13980731 100644 --- a/assets/js/2c86db16.1e09bfe9.js +++ b/assets/js/2c86db16.00eb8bef.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5192],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"version-0.7/ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/versioned_docs/version-0.7/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/0.7/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-bundle.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.7/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/0.7/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/0.7/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5192],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"version-0.7/ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/versioned_docs/version-0.7/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/0.7/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-bundle.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.7/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/0.7/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/0.7/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2d618eff.69f5553f.js b/assets/js/2d618eff.ca23dff7.js similarity index 99% rename from assets/js/2d618eff.69f5553f.js rename to assets/js/2d618eff.ca23dff7.js index 944fc3441..1ff57eec8 100644 --- a/assets/js/2d618eff.69f5553f.js +++ b/assets/js/2d618eff.ca23dff7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7224],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.4/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.4/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.4/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/troubleshooting.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.4/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.4/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/2dc49bc9.72a2b5d8.js b/assets/js/2dc49bc9.ceea9191.js similarity index 97% rename from assets/js/2dc49bc9.72a2b5d8.js rename to assets/js/2dc49bc9.ceea9191.js index 4b5b8d43d..bc1820c7a 100644 --- a/assets/js/2dc49bc9.72a2b5d8.js +++ b/assets/js/2dc49bc9.ceea9191.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8459],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.6/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.6/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8459],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.6/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.6/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/300dc0ad.6c146903.js b/assets/js/300dc0ad.6c146903.js new file mode 100644 index 000000000..6e09036ad --- /dev/null +++ b/assets/js/300dc0ad.6c146903.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7384],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),u=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,c=o(e,["components","mdxType","originalType","parentName"]),f=u(n),m=r,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||l;return n?a.createElement(d,i(i({ref:t},c),{},{components:n})):a.createElement(d,i({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var u=2;u{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.9/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.9/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.9/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-configuration.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.9/ref-registration"},next:{title:"List of Deployed Resources",permalink:"/0.9/ref-resources"}},s={},u=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],c={toc:u};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,r.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,r.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,r.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,r.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/32a14031.69439c2e.js b/assets/js/32a14031.3c279e0f.js similarity index 98% rename from assets/js/32a14031.69439c2e.js rename to assets/js/32a14031.3c279e0f.js index 5dbfd3b6d..7e7224cd7 100644 --- a/assets/js/32a14031.69439c2e.js +++ b/assets/js/32a14031.3c279e0f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8794],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=l(n),m=o,f=d["".concat(c,".").concat(m)]||d[m]||u[m]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=d;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.8/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.8/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.8/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-gitrepo.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.8/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/0.8/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n #\n # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses\n # a three-way merge strategy by default. \n # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating \n # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.\n # Keep in mind that resources might be recreated if force is enabled.\n # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.\n #\n # correctDrift:\n # enabled: false\n # force: false #Warning: it might recreate resources if set to true\n # keepFailHistory: false\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8794],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=l(n),m=o,f=d["".concat(c,".").concat(m)]||d[m]||u[m]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=d;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.8/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.8/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.8/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-gitrepo.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.8/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/0.8/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n #\n # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses\n # a three-way merge strategy by default. \n # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating \n # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.\n # Keep in mind that resources might be recreated if force is enabled.\n # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.\n #\n # correctDrift:\n # enabled: false\n # force: false #Warning: it might recreate resources if set to true\n # keepFailHistory: false\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/32c7bf40.8fad3bc1.js b/assets/js/32c7bf40.c9472272.js similarity index 99% rename from assets/js/32c7bf40.8fad3bc1.js rename to assets/js/32c7bf40.c9472272.js index cc4bfc5a9..881506f64 100644 --- a/assets/js/32c7bf40.8fad3bc1.js +++ b/assets/js/32c7bf40.c9472272.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6095],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.6/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.6/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.6/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-fleet-yaml.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. However, the `uuidv4` function is not supported.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6095],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=r,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:r,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>s,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const o={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.6/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.6/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.6/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-fleet-yaml.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,r.kt)("p",null,"For more information on how to use the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,r.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"Git Repository Contents"),"."),(0,r.kt)("p",null,"The content of the fleet.yaml corresponds to ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"},"https://github.com/rancher/fleet/blob/master/pkg/bundlereader/read.go#L129-L135"),", which contains the ",(0,r.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# Optional map of labels, that are set at the bundle and can be used in a \n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. However, the `uuidv4` function is not supported.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n \n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: \n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/340d0560.d960d7b6.js b/assets/js/340d0560.3768fb1d.js similarity index 95% rename from assets/js/340d0560.d960d7b6.js rename to assets/js/340d0560.3768fb1d.js index ad43fd43b..c6ddfffe5 100644 --- a/assets/js/340d0560.d960d7b6.js +++ b/assets/js/340d0560.3768fb1d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||s[d]||l;return n?r.createElement(g,o(o({ref:t},p),{},{components:n})):r.createElement(g,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>l,metadata:()=>i,toc:()=>f});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/bundle-add"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},f=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9246],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||s[d]||l;return n?r.createElement(g,o(o({ref:t},p),{},{components:n})):r.createElement(g,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>l,metadata:()=>i,toc:()=>f});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/docs/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-agent/fleet-agent.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/bundle-add"},next:{title:"fleet",permalink:"/cli/fleet-cli/fleet"}},c={},f=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34a3c1ae.ad7ad99f.js b/assets/js/34a3c1ae.9b4c716b.js similarity index 99% rename from assets/js/34a3c1ae.ad7ad99f.js rename to assets/js/34a3c1ae.9b4c716b.js index 74784094d..d485f3e62 100644 --- a/assets/js/34a3c1ae.ad7ad99f.js +++ b/assets/js/34a3c1ae.9b4c716b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5776],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),p=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(l.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(n),d=r,h=m["".concat(l,".").concat(d)]||m[d]||u[d]||i;return n?a.createElement(h,o(o({ref:t},c),{},{components:n})):a.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>u,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const i={},o="Adding a GitRepo",s={unversionedId:"gitrepo-add",id:"version-0.4/gitrepo-add",title:"Adding a GitRepo",description:"Proper namespace",source:"@site/versioned_docs/version-0.4/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.4/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-add.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.4/namespaces"},next:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"}},l={},p=[{value:"Proper namespace",id:"proper-namespace",level:2},{value:"Create GitRepo instance",id:"create-gitrepo-instance",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"adding-a-gitrepo"},"Adding a GitRepo"),(0,r.kt)("h2",{id:"proper-namespace"},"Proper namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.4/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo instance"),(0,r.kt)("p",null,"Git repositories are register by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," following the below YAML sample. Refer\nto the inline comments as the means of each field"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. As a workaround, split them into different gitrepos.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",null,"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.4/troubleshooting"},"here"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34c1e1e7.93149a17.js b/assets/js/34c1e1e7.29c6cf31.js similarity index 89% rename from assets/js/34c1e1e7.93149a17.js rename to assets/js/34c1e1e7.29c6cf31.js index 2fcdcee95..35a08884f 100644 --- a/assets/js/34c1e1e7.93149a17.js +++ b/assets/js/34c1e1e7.29c6cf31.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7571],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),m=r,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||l;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.8/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.8/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.8/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-configuration.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.8/ref-registration"},next:{title:"List of Deployed Resources",permalink:"/0.8/ref-resources"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,r.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,r.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,r.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,r.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7571],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),u=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,c=o(e,["components","mdxType","originalType","parentName"]),f=u(n),m=r,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||l;return n?a.createElement(d,i(i({ref:t},c),{},{components:n})):a.createElement(d,i({ref:t},c))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var u=2;u{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>u});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.8/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.8/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.8/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-configuration.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.8/ref-registration"},next:{title:"List of Deployed Resources",permalink:"/0.8/ref-resources"}},s={},u=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],c={toc:u};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,r.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,r.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,r.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,r.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/34eb4307.4cb353fb.js b/assets/js/34eb4307.6d5c217a.js similarity index 98% rename from assets/js/34eb4307.4cb353fb.js rename to assets/js/34eb4307.6d5c217a.js index 478c058bb..9ac4218ed 100644 --- a/assets/js/34eb4307.4cb353fb.js +++ b/assets/js/34eb4307.6d5c217a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7314],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.4/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.4/index.md",sourceDirName:".",slug:"/",permalink:"/0.4/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/index.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.4/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/370ac30b.126fb5ac.js b/assets/js/370ac30b.126fb5ac.js new file mode 100644 index 000000000..70f3a279e --- /dev/null +++ b/assets/js/370ac30b.126fb5ac.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7678],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.9/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.9/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.9/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/multi-user.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.9/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.9/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.9/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.9/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.9/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/3718f698.347ad05b.js b/assets/js/3718f698.1144f2fa.js similarity index 97% rename from assets/js/3718f698.347ad05b.js rename to assets/js/3718f698.1144f2fa.js index d183ef026..2013e58fb 100644 --- a/assets/js/3718f698.347ad05b.js +++ b/assets/js/3718f698.1144f2fa.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>f});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),d=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=d(e.components);return n.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(r),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return r?n.createElement(m,s(s({ref:t},i),{},{components:r})):n.createElement(m,s({ref:t},i))}));function f(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{r.r(t),r.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var n=r(7462),a=(r(7294),r(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/ref-registration"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5763],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>f});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),d=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=d(e.components);return n.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(r),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return r?n.createElement(m,s(s({ref:t},i),{},{components:r})):n.createElement(m,s({ref:t},i))}));function f(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{r.r(t),r.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var n=r(7462),a=(r(7294),r(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/docs/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-bundles-state.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/ref-registration"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/39f5e362.f97cecfd.js b/assets/js/39f5e362.46100ac8.js similarity index 86% rename from assets/js/39f5e362.f97cecfd.js rename to assets/js/39f5e362.46100ac8.js index c38c6452c..b24fba5e1 100644 --- a/assets/js/39f5e362.f97cecfd.js +++ b/assets/js/39f5e362.46100ac8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6943],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.5/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.5/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.5/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/concepts.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.5/quickstart"},next:{title:"Architecture",permalink:"/0.5/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.5/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3a0e6d91.dbc8e9e0.js b/assets/js/3a0e6d91.dbc8e9e0.js new file mode 100644 index 000000000..646cb72d9 --- /dev/null +++ b/assets/js/3a0e6d91.dbc8e9e0.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3467],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"version-0.9/ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/versioned_docs/version-0.9/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/0.9/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-bundle.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.9/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/0.9/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/0.9/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3a2a2cbe.6252fd86.js b/assets/js/3a2a2cbe.7caaa130.js similarity index 98% rename from assets/js/3a2a2cbe.6252fd86.js rename to assets/js/3a2a2cbe.7caaa130.js index 1d86169b8..57a045100 100644 --- a/assets/js/3a2a2cbe.6252fd86.js +++ b/assets/js/3a2a2cbe.7caaa130.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6190],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),m=r,f=u["".concat(s,".").concat(m)]||u[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},p),{},{components:n})):a.createElement(f,l({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,l[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},l="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"version-0.7/bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/versioned_docs/version-0.7/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/0.7/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/bundle-add.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.7/imagescan"},next:{title:"fleet-agent",permalink:"/0.7/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6190],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),m=r,f=u["".concat(s,".").concat(m)]||u[m]||d[m]||o;return n?a.createElement(f,l(l({ref:t},p),{},{components:n})):a.createElement(f,l({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,l[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},l="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"version-0.7/bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/versioned_docs/version-0.7/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/0.7/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/bundle-add.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.7/imagescan"},next:{title:"fleet-agent",permalink:"/0.7/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3b8c55ea.1dfd7906.js b/assets/js/3b8c55ea.672063eb.js similarity index 99% rename from assets/js/3b8c55ea.1dfd7906.js rename to assets/js/3b8c55ea.672063eb.js index 3e6671436..ad27e4466 100644 --- a/assets/js/3b8c55ea.1dfd7906.js +++ b/assets/js/3b8c55ea.672063eb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9250:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources During Deployment",permalink:"/resources-during-deployment"},next:{title:"Register Downstream Clusters",permalink:"/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3217],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9250:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/installation.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources During Deployment",permalink:"/resources-during-deployment"},next:{title:"Register Downstream Clusters",permalink:"/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/3d7b86e7.bedd888b.js b/assets/js/3d7b86e7.c1c80a97.js similarity index 95% rename from assets/js/3d7b86e7.bedd888b.js rename to assets/js/3d7b86e7.c1c80a97.js index 46e28bdaa..f6ffacbdf 100644 --- a/assets/js/3d7b86e7.bedd888b.js +++ b/assets/js/3d7b86e7.c1c80a97.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3951],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.6/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.6/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.6/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-resources.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.6/namespaces"},next:{title:"Installation Details",permalink:"/0.6/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3951],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.6/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.6/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.6/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-resources.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.6/namespaces"},next:{title:"Installation Details",permalink:"/0.6/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/4177aba1.1b7c8753.js b/assets/js/4177aba1.c47f8c88.js similarity index 98% rename from assets/js/4177aba1.1b7c8753.js rename to assets/js/4177aba1.c47f8c88.js index 6147d3e2c..a9e9e66b5 100644 --- a/assets/js/4177aba1.1b7c8753.js +++ b/assets/js/4177aba1.c47f8c88.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2992],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9325:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.8/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.8/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.8/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/quickstart.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.8/"},next:{title:"Creating a Deployment",permalink:"/0.8/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2992],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9325:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.8/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.8/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.8/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/quickstart.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.8/"},next:{title:"Creating a Deployment",permalink:"/0.8/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be ran in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/41b31679.db15244a.js b/assets/js/41b31679.db15244a.js new file mode 100644 index 000000000..dbcc41cae --- /dev/null +++ b/assets/js/41b31679.db15244a.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3977],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.9/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.9/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.9/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/troubleshooting.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/0.9/ref-bundle"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.9/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.9/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.9/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.9/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/45a5cd1f.13f44d76.js b/assets/js/45a5cd1f.a626969d.js similarity index 99% rename from assets/js/45a5cd1f.13f44d76.js rename to assets/js/45a5cd1f.a626969d.js index dc18d337f..013bc1f24 100644 --- a/assets/js/45a5cd1f.13f44d76.js +++ b/assets/js/45a5cd1f.a626969d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3365],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/docs/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/concepts.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/architecture"},next:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/46c9c1f8.d15d725c.js b/assets/js/46c9c1f8.c6754282.js similarity index 97% rename from assets/js/46c9c1f8.d15d725c.js rename to assets/js/46c9c1f8.c6754282.js index 945cb3b50..0f9296b94 100644 --- a/assets/js/46c9c1f8.d15d725c.js +++ b/assets/js/46c9c1f8.c6754282.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.6/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.6/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.6/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-registration.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.6/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),f=c(r),d=a,g=f["".concat(l,".").concat(d)]||f[d]||p[d]||i;return r?n.createElement(g,o(o({ref:t},u),{},{components:r})):n.createElement(g,o({ref:t},u))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},o="Cluster Registration Internals",s={unversionedId:"ref-registration",id:"version-0.6/ref-registration",title:"Cluster Registration Internals",description:"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.",source:"@site/versioned_docs/version-0.6/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/0.6/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-registration.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"},next:{title:"Configuration",permalink:"/0.6/ref-configuration"}},l={},c=[],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"}}]); \ No newline at end of file diff --git a/assets/js/49af6a86.a71ce589.js b/assets/js/49af6a86.fa91e501.js similarity index 98% rename from assets/js/49af6a86.a71ce589.js rename to assets/js/49af6a86.fa91e501.js index f8088fe95..c999ca687 100644 --- a/assets/js/49af6a86.a71ce589.js +++ b/assets/js/49af6a86.fa91e501.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7619],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.4/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.4/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.4/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/architecture.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.4/concepts"},next:{title:"Examples",permalink:"/0.4/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.4/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/4ccb6852.89449847.js b/assets/js/4ccb6852.6542ce14.js similarity index 97% rename from assets/js/4ccb6852.89449847.js rename to assets/js/4ccb6852.6542ce14.js index 74ff01685..aed7d8a02 100644 --- a/assets/js/4ccb6852.89449847.js +++ b/assets/js/4ccb6852.6542ce14.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/cluster-registration"},next:{title:"Setup Multi User",permalink:"/multi-user"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3084],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},p=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},i={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,p=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||i[d]||o;return r?n.createElement(f,s(s({ref:t},p),{},{components:r})):n.createElement(f,s({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>i,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/docs/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-group.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/cluster-registration"},next:{title:"Setup Multi User",permalink:"/multi-user"}},c={},u=[],p={toc:u};function i(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}i.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/4fac8f87.82df6c12.js b/assets/js/4fac8f87.627eda28.js similarity index 97% rename from assets/js/4fac8f87.82df6c12.js rename to assets/js/4fac8f87.627eda28.js index 25313fc02..2760c9b58 100644 --- a/assets/js/4fac8f87.82df6c12.js +++ b/assets/js/4fac8f87.627eda28.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7526],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Quick Start",i={unversionedId:"quickstart",id:"version-0.4/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.4/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.4/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/quickstart.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/"},next:{title:"Core Concepts",permalink:"/0.4/concepts"}},s={},c=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"quick-start"},"Quick Start"),(0,a.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,a.kt)("h2",{id:"install"},"Install"),(0,a.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,a.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-v0.4.1.tgz\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-v0.4.1.tgz\n")),(0,a.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,a.kt)("p",null,"Change ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,a.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,a.kt)("h2",{id:"get-status"},"Get Status"),(0,a.kt)("p",null,"Get status of what fleet is doing"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,a.kt)("p",null,"You should see something like this get created in your cluster."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,a.kt)("p",null,"Enjoy and read the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/504a9fc5.81855c6f.js b/assets/js/504a9fc5.b64e5b1d.js similarity index 98% rename from assets/js/504a9fc5.81855c6f.js rename to assets/js/504a9fc5.b64e5b1d.js index 154d5c8a3..3cd31c008 100644 --- a/assets/js/504a9fc5.81855c6f.js +++ b/assets/js/504a9fc5.b64e5b1d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[936],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.8/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.8/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.8/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/concepts.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.8/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.8/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.8/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.8/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[936],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.8/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.8/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.8/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/concepts.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.8/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.8/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.8/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.8/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.8/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/50b0676a.0ce199fa.js b/assets/js/50b0676a.bc7e1b71.js similarity index 97% rename from assets/js/50b0676a.0ce199fa.js rename to assets/js/50b0676a.bc7e1b71.js index b14f441b0..58c8728f3 100644 --- a/assets/js/50b0676a.0ce199fa.js +++ b/assets/js/50b0676a.bc7e1b71.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2088],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.8/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.8/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet_test.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.8/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2088],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.8/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.8/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-cli/fleet_test.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.8/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5176c92e.92f89004.js b/assets/js/5176c92e.43387669.js similarity index 96% rename from assets/js/5176c92e.92f89004.js rename to assets/js/5176c92e.43387669.js index 641d4f281..5413a371e 100644 --- a/assets/js/5176c92e.92f89004.js +++ b/assets/js/5176c92e.43387669.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4955],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.7/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.7/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.7/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/uninstall.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.7/tut-deployment"},next:{title:"Architecture",permalink:"/0.7/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4955],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.7/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.7/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.7/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/uninstall.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.7/tut-deployment"},next:{title:"Architecture",permalink:"/0.7/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/522d95f1.b43b0198.js b/assets/js/522d95f1.0913ec93.js similarity index 99% rename from assets/js/522d95f1.b43b0198.js rename to assets/js/522d95f1.0913ec93.js index fc147b825..78166756c 100644 --- a/assets/js/522d95f1.b43b0198.js +++ b/assets/js/522d95f1.0913ec93.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5279],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=r.createContext({}),c=function(e){var t=r.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(o.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,o=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,h=m["".concat(o,".").concat(d)]||m[d]||p[d]||a;return n?r.createElement(h,i(i({ref:t},u),{},{components:n})):r.createElement(h,i({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,i=new Array(a);i[0]=m;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},i="Multi-cluster Install",s={unversionedId:"multi-cluster-install",id:"version-0.4/multi-cluster-install",title:"Multi-cluster Install",description:"Note: Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under Continuous Delivery on Rancher.",source:"@site/versioned_docs/version-0.4/multi-cluster-install.md",sourceDirName:".",slug:"/multi-cluster-install",permalink:"/0.4/multi-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/multi-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"},next:{title:"Uninstall",permalink:"/0.4/uninstall"}},o={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:2},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"multi-cluster-install"},"Multi-cluster Install"),(0,l.kt)("p",null,(0,l.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Note:")," Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"Warning:")," The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. "),(0,l.kt)("p",null,"In the below use case, you will setup a centralized Fleet manager. The centralized Fleet manager is a\nKubernetes cluster running the Fleet controllers. After installing the Fleet manager, you will then\nneed to register remote downstream clusters with the Fleet manager."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)("h3",{id:"helm-3"},"Helm 3"),(0,l.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,l.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,l.kt)("p",null,"macOS"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,l.kt)("p",null,"Windows"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,l.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,l.kt)("p",null,"The Fleet manager is a controller running on a Kubernetes cluster so an existing cluster is required. All\ndownstream cluster that will be managed will need to communicate to this central Kubernetes cluster. This\nmeans the Kubernetes API server URL must be accessible to the downstream clusters. Any Kubernetes community\nsupported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,l.kt)("h2",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"If you have ",(0,l.kt)("inlineCode",{parentName:"p"},"jq")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"base64")," available then this one-liners will pull all CA certificates from your\n",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," and place then in a file named ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),"."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n")),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Run the following commands"),(0,l.kt)("p",null,"Setup the environment with your specific values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fLk ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},"--cacert ${API_SERVER_CA}")," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"curl -fL --cacert ${API_SERVER_CA} ${API_SERVER_URL}/version\n")),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"${API_SERVER_CA}")," file should look similar to the below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="${API_SERVER_URL}" \\\n --set-file apiServerCA="${API_SERVER_CA}" \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n')),(0,l.kt)("p",null,"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"git repos")," with\nthe Fleet manager."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/5281b7a2.5a0747cb.js b/assets/js/5281b7a2.8839f94e.js similarity index 97% rename from assets/js/5281b7a2.5a0747cb.js rename to assets/js/5281b7a2.8839f94e.js index 6e90af4d1..619a83356 100644 --- a/assets/js/5281b7a2.5a0747cb.js +++ b/assets/js/5281b7a2.8839f94e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"Core Concepts",permalink:"/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5927],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/docs/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/architecture.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/uninstall"},next:{title:"Core Concepts",permalink:"/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/5379b7b3.f5fc88d6.js b/assets/js/5379b7b3.352ed73a.js similarity index 96% rename from assets/js/5379b7b3.f5fc88d6.js rename to assets/js/5379b7b3.352ed73a.js index f5262cee7..92328d564 100644 --- a/assets/js/5379b7b3.f5fc88d6.js +++ b/assets/js/5379b7b3.352ed73a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8228],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.5/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.5/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.5/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-overview.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.5/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.5/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.5/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5388fcb8.5bbfa708.js b/assets/js/5388fcb8.69d5d6c2.js similarity index 95% rename from assets/js/5388fcb8.5bbfa708.js rename to assets/js/5388fcb8.69d5d6c2.js index ab99983f7..8d431da32 100644 --- a/assets/js/5388fcb8.5bbfa708.js +++ b/assets/js/5388fcb8.69d5d6c2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6673],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.7/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.7/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.7/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-resources.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.7/namespaces"},next:{title:"Installation Details",permalink:"/0.7/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6673],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),f=l(r),m=o,d=f["".concat(i,".").concat(m)]||f[m]||p[m]||s;return r?n.createElement(d,a(a({ref:t},u),{},{components:r})):n.createElement(d,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=f;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources",c={unversionedId:"ref-resources",id:"version-0.7/ref-resources",title:"Custom Resources",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.7/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.7/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-resources.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.7/namespaces"},next:{title:"Installation Details",permalink:"/0.7/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources"},"Custom Resources"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/53c8b813.8dc5ef51.js b/assets/js/53c8b813.a89641b5.js similarity index 97% rename from assets/js/53c8b813.8dc5ef51.js rename to assets/js/53c8b813.a89641b5.js index 56ea583eb..d7aea6d0e 100644 --- a/assets/js/53c8b813.8dc5ef51.js +++ b/assets/js/53c8b813.a89641b5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2837],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.6/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.6/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.6/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-bundle-stages.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.6/concepts"},next:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.6/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.6/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2837],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.6/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.6/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.6/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-bundle-stages.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.6/concepts"},next:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.6/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.6/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/53da1243.dbb56b10.js b/assets/js/53da1243.190d6a16.js similarity index 99% rename from assets/js/53da1243.dbb56b10.js rename to assets/js/53da1243.190d6a16.js index a8b3b6a4b..77f13e853 100644 --- a/assets/js/53da1243.dbb56b10.js +++ b/assets/js/53da1243.190d6a16.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1866],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.8/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.8/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.8/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/namespaces.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.8/gitrepo-content"},next:{title:"Custom Resources During Deployment",permalink:"/0.8/resources-during-deployment"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.8/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.8/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,"The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1866],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.8/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.8/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.8/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/namespaces.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.8/gitrepo-content"},next:{title:"Custom Resources During Deployment",permalink:"/0.8/resources-during-deployment"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.8/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.8/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,"The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file diff --git a/assets/js/58cc1d6e.73f8939c.js b/assets/js/58cc1d6e.73f8939c.js new file mode 100644 index 000000000..840abfa57 --- /dev/null +++ b/assets/js/58cc1d6e.73f8939c.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5136],{6931:e=>{e.exports=JSON.parse('{"pluginId":"default","version":"0.9","label":"0.9","banner":"unmaintained","badge":true,"noIndex":false,"className":"docs-version-0.9","isLast":false,"docsSidebars":{"docs":[{"type":"link","label":"Overview","href":"/0.9/","docId":"index"},{"type":"category","label":"Tutorials","collapsed":false,"items":[{"type":"link","label":"Quick Start","href":"/0.9/quickstart","docId":"quickstart"},{"type":"link","label":"Creating a Deployment","href":"/0.9/tut-deployment","docId":"tut-deployment"},{"type":"link","label":"Uninstall","href":"/0.9/uninstall","docId":"uninstall"}],"collapsible":true},{"type":"category","label":"Explanations","collapsed":false,"items":[{"type":"link","label":"Architecture","href":"/0.9/architecture","docId":"architecture"},{"type":"link","label":"Core Concepts","href":"/0.9/concepts","docId":"concepts"},{"type":"link","label":"Bundle Lifecycle","href":"/0.9/ref-bundle-stages","docId":"ref-bundle-stages"},{"type":"link","label":"Git Repository Contents","href":"/0.9/gitrepo-content","docId":"gitrepo-content"},{"type":"link","label":"Namespaces","href":"/0.9/namespaces","docId":"namespaces"},{"type":"link","label":"Custom Resources During Deployment","href":"/0.9/resources-during-deployment","docId":"resources-during-deployment"}],"collapsible":true},{"type":"category","label":"How-tos for Operators","collapsed":false,"items":[{"type":"link","label":"Installation Details","href":"/0.9/installation","docId":"installation"},{"type":"link","label":"Register Downstream Clusters","href":"/0.9/cluster-registration","docId":"cluster-registration"},{"type":"link","label":"Create Cluster Groups","href":"/0.9/cluster-group","docId":"cluster-group"},{"type":"link","label":"Setup Multi User","href":"/0.9/multi-user","docId":"multi-user"}],"collapsible":true},{"type":"category","label":"How-tos for Users","collapsed":false,"items":[{"type":"link","label":"Create a GitRepo Resource","href":"/0.9/gitrepo-add","docId":"gitrepo-add"},{"type":"link","label":"Mapping to Downstream Clusters","href":"/0.9/gitrepo-targets","docId":"gitrepo-targets"},{"type":"link","label":"Generating Diffs to Ignore Modified GitRepos","href":"/0.9/bundle-diffs","docId":"bundle-diffs"},{"type":"link","label":"Using Webhooks Instead of Polling","href":"/0.9/webhook","docId":"webhook"},{"type":"link","label":"Using Image Scan to Update Container Image References","href":"/0.9/imagescan","docId":"imagescan"},{"type":"link","label":"Create a Bundle Resource","href":"/0.9/bundle-add","docId":"bundle-add"}],"collapsible":true},{"type":"category","label":"Reference","collapsed":false,"items":[{"type":"category","label":"CLI","items":[{"type":"link","label":"fleet-agent","href":"/0.9/cli/fleet-agent/","docId":"cli/fleet-agent/fleet-agent"},{"type":"category","label":"fleet-gitjob-cli","items":[{"type":"link","label":"fleet","href":"/0.9/cli/fleet-cli/fleet","docId":"cli/fleet-cli/fleet"},{"type":"link","label":"fleet apply","href":"/0.9/cli/fleet-cli/fleet_apply","docId":"cli/fleet-cli/fleet_apply"},{"type":"link","label":"fleet test","href":"/0.9/cli/fleet-cli/fleet_test","docId":"cli/fleet-cli/fleet_test"}],"collapsed":true,"collapsible":true},{"type":"link","label":"fleet-manager","href":"/0.9/cli/fleet-controller/fleet-manager","docId":"cli/fleet-controller/fleet-manager"}],"collapsed":true,"collapsible":true},{"type":"link","label":"Cluster and Bundle State","href":"/0.9/cluster-bundles-state","docId":"cluster-bundles-state"},{"type":"link","label":"Cluster Registration Internals","href":"/0.9/ref-registration","docId":"ref-registration"},{"type":"link","label":"Configuration","href":"/0.9/ref-configuration","docId":"ref-configuration"},{"type":"link","label":"List of Deployed Resources","href":"/0.9/ref-resources","docId":"ref-resources"},{"type":"link","label":"Custom Resources Spec","href":"/0.9/ref-crds","docId":"ref-crds"},{"type":"link","label":"fleet.yaml","href":"/0.9/ref-fleet-yaml","docId":"ref-fleet-yaml"},{"type":"link","label":"GitRepo Resource","href":"/0.9/ref-gitrepo","docId":"ref-gitrepo"},{"type":"link","label":"Bundle Resource","href":"/0.9/ref-bundle","docId":"ref-bundle"}],"collapsible":true},{"type":"link","label":"Troubleshooting","href":"/0.9/troubleshooting","docId":"troubleshooting"}]},"docs":{"architecture":{"id":"architecture","title":"Architecture","description":"Fleet has two primary components. The Fleet manager and the cluster agents. These","sidebar":"docs"},"bundle-add":{"id":"bundle-add","title":"Create a Bundle Resource","description":"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created","sidebar":"docs"},"bundle-diffs":{"id":"bundle-diffs","title":"Generating Diffs to Ignore Modified GitRepos","description":"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.","sidebar":"docs"},"cli/fleet-agent/fleet-agent":{"id":"cli/fleet-agent/fleet-agent","title":"","description":"fleet-agent","sidebar":"docs"},"cli/fleet-cli/fleet":{"id":"cli/fleet-cli/fleet","title":"","description":"fleet","sidebar":"docs"},"cli/fleet-cli/fleet_apply":{"id":"cli/fleet-cli/fleet_apply","title":"","description":"fleet apply","sidebar":"docs"},"cli/fleet-cli/fleet_cleanup":{"id":"cli/fleet-cli/fleet_cleanup","title":"","description":"fleet cleanup"},"cli/fleet-cli/fleet_test":{"id":"cli/fleet-cli/fleet_test","title":"","description":"fleet test","sidebar":"docs"},"cli/fleet-controller/fleet-manager":{"id":"cli/fleet-controller/fleet-manager","title":"","description":"fleet-manager","sidebar":"docs"},"cluster-bundles-state":{"id":"cluster-bundles-state","title":"Cluster and Bundle State","description":"Clusters and Bundles have different states in each phase of applying Bundles.","sidebar":"docs"},"cluster-group":{"id":"cluster-group","title":"Create Cluster Groups","description":"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.","sidebar":"docs"},"cluster-registration":{"id":"cluster-registration","title":"Register Downstream Clusters","description":"Overview","sidebar":"docs"},"concepts":{"id":"concepts","title":"Core Concepts","description":"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers","sidebar":"docs"},"gitrepo-add":{"id":"gitrepo-add","title":"Create a GitRepo Resource","description":"Create GitRepo Instance","sidebar":"docs"},"gitrepo-content":{"id":"gitrepo-content","title":"Git Repository Contents","description":"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.","sidebar":"docs"},"gitrepo-targets":{"id":"gitrepo-targets","title":"Mapping to Downstream Clusters","description":"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.","sidebar":"docs"},"imagescan":{"id":"imagescan","title":"Using Image Scan to Update Container Image References","description":"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,","sidebar":"docs"},"index":{"id":"index","title":"Overview","description":"What is Fleet?","sidebar":"docs"},"installation":{"id":"installation","title":"Installation Details","description":"The installation is broken up into two different use cases: single and multi-cluster.","sidebar":"docs"},"multi-user":{"id":"multi-user","title":"Setup Multi User","description":"Fleet uses Kubernetes RBAC where possible.","sidebar":"docs"},"namespaces":{"id":"namespaces","title":"Namespaces","description":"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces","sidebar":"docs"},"quickstart":{"id":"quickstart","title":"Quick Start","description":"Who needs documentation, lets just run this thing!","sidebar":"docs"},"ref-bundle":{"id":"ref-bundle","title":"Bundle Resource","description":"Bundles are automatically created by Fleet when a GitRepo is created.","sidebar":"docs"},"ref-bundle-stages":{"id":"ref-bundle-stages","title":"Bundle Lifecycle","description":"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.","sidebar":"docs"},"ref-configuration":{"id":"ref-configuration","title":"Configuration","description":"A reference list of, mostly internal, configuration options.","sidebar":"docs"},"ref-crds":{"id":"ref-crds","title":"Custom Resources Spec","description":"* Bundle","sidebar":"docs"},"ref-fleet-yaml":{"id":"ref-fleet-yaml","title":"fleet.yaml","description":"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.","sidebar":"docs"},"ref-gitrepo":{"id":"ref-gitrepo","title":"GitRepo Resource","description":"The GitRepo resource describes git repositories, how to access them and where the bundles are located.","sidebar":"docs"},"ref-registration":{"id":"ref-registration","title":"Cluster Registration Internals","description":"How does cluster registration work?","sidebar":"docs"},"ref-resources":{"id":"ref-resources","title":"List of Deployed Resources","description":"After installing Fleet in Rancher these resources are created in the upstream cluster.","sidebar":"docs"},"resources-during-deployment":{"id":"resources-during-deployment","title":"Custom Resources During Deployment","description":"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.","sidebar":"docs"},"troubleshooting":{"id":"troubleshooting","title":"Troubleshooting","description":"This section contains commands and tips to troubleshoot Fleet.","sidebar":"docs"},"tut-deployment":{"id":"tut-deployment","title":"Creating a Deployment","description":"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.","sidebar":"docs"},"uninstall":{"id":"uninstall","title":"Uninstall","description":"Fleet is packaged as two Helm charts so uninstall is accomplished by","sidebar":"docs"},"webhook":{"id":"webhook","title":"Using Webhooks Instead of Polling","description":"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).","sidebar":"docs"}}}')}}]); \ No newline at end of file diff --git a/assets/js/5a165616.8052336c.js b/assets/js/5a165616.c6596bcc.js similarity index 98% rename from assets/js/5a165616.8052336c.js rename to assets/js/5a165616.c6596bcc.js index cfd914e39..8432ba1f8 100644 --- a/assets/js/5a165616.8052336c.js +++ b/assets/js/5a165616.c6596bcc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function l(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):l(l({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,l(l({ref:t},d),{},{components:a})):n.createElement(u,l({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,l=new Array(i);l[0]=m;var o={};for(var p in t)hasOwnProperty.call(t,p)&&(o[p]=t[p]);o.originalType=e,o.mdxType="string"==typeof e?e:r,l[1]=o;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>l,default:()=>c,frontMatter:()=>i,metadata:()=>o,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},l="Create a GitRepo Resource",o={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5764],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function l(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):l(l({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,l(l({ref:t},d),{},{components:a})):n.createElement(u,l({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,l=new Array(i);l[0]=m;var o={};for(var p in t)hasOwnProperty.call(t,p)&&(o[p]=t[p]);o.originalType=e,o.mdxType="string"==typeof e?e:r,l[1]=o;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>l,default:()=>c,frontMatter:()=>i,metadata:()=>o,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},l="Create a GitRepo Resource",o={unversionedId:"gitrepo-add",id:"gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/docs/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-add.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5b0cdfa3.2099f630.js b/assets/js/5b0cdfa3.2099f630.js new file mode 100644 index 000000000..d44d1e0db --- /dev/null +++ b/assets/js/5b0cdfa3.2099f630.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4665],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"version-0.9/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.9/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.9/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/gitrepo-targets.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.9/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.9/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n # Match everything\n - clusterSelector: {}\n # Selector ignored\n - clusterSelector: null\n")),(0,r.kt)("p",null,"You can also match clusters by name:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n - clusterName: fleetname\n")),(0,r.kt)("p",null,"When using Fleet in Rancher, make sure to put the name of the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource."),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5b7f8ae0.07f9d4fb.js b/assets/js/5b7f8ae0.07f9d4fb.js new file mode 100644 index 000000000..3bd20ea59 --- /dev/null +++ b/assets/js/5b7f8ae0.07f9d4fb.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.9/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.9/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.9/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cluster-bundles-state.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.9/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.9/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/5ff573a6.160fcbbf.js b/assets/js/5ff573a6.c1bea08d.js similarity index 99% rename from assets/js/5ff573a6.160fcbbf.js rename to assets/js/5ff573a6.c1bea08d.js index b315e479c..6e6aaf88c 100644 --- a/assets/js/5ff573a6.160fcbbf.js +++ b/assets/js/5ff573a6.c1bea08d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7640],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),l=n(6010);const r="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),l=n(7294),r=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:l}}=e;return{value:t,label:n,attributes:a,default:l}}))}function p(e){const{values:t,children:n}=e;return(0,l.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),r=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(a.location.search);t.set(r,e),a.replace({...a.location,search:t.toString()})}),[r,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,r=p(e),[i,s]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,r]=(0,c.Nk)(n);return[a,(0,l.useCallback)((e=>{n&&r.set(e)}),[n,r])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,r]),tabValues:r}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return l.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,r.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",f)},l.createElement(y,(0,a.Z)({},e,t)),l.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return l.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9267:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),l=(n(7294),n(3905)),r=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"version-0.7/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.7/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.7/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-registration.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.7/installation"},next:{title:"Create Cluster Groups",permalink:"/0.7/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,l.kt)("h2",{id:"overview"},"Overview"),(0,l.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,l.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,l.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,l.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,l.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,l.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,l.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,l.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,l.kt)("a",{parentName:"p",href:"/0.7/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,l.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,l.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,l.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,l.kt)("p",null,"Add Fleet's Helm repo."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,l.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,l.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Add Fleet's Helm repo."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,l.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,l.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,l.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,l.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,l.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,l.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,l.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,l.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,l.kt)("p",null,"After the ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,l.kt)("p",null,"One way to do so is via the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,l.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,l.kt)("p",null,"The token value contains YAML content for a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,l.kt)("p",null,"Such value is contained in the ",(0,l.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,l.kt)("p",null,"Once the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,l.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,l.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,l.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,l.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,l.kt)("a",{parentName:"p",href:"/0.7/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,l.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,l.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,l.kt)("p",null,"The format of this secret is intended to match the ",(0,l.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,l.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,l.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7640],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),l=n(6010);const r="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),l=n(7294),r=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:l}}=e;return{value:t,label:n,attributes:a,default:l}}))}function p(e){const{values:t,children:n}=e;return(0,l.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),r=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(a.location.search);t.set(r,e),a.replace({...a.location,search:t.toString()})}),[r,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,r=p(e),[i,s]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,r]=(0,c.Nk)(n);return[a,(0,l.useCallback)((e=>{n&&r.set(e)}),[n,r])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,r]),tabValues:r}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return l.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,r.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",f)},l.createElement(y,(0,a.Z)({},e,t)),l.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return l.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9267:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),l=(n(7294),n(3905)),r=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"version-0.7/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.7/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.7/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-registration.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.7/installation"},next:{title:"Create Cluster Groups",permalink:"/0.7/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,l.kt)("h2",{id:"overview"},"Overview"),(0,l.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,l.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,l.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,l.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,l.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,l.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,l.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,l.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,l.kt)("a",{parentName:"p",href:"/0.7/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,l.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,l.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,l.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,l.kt)("p",null,"Add Fleet's Helm repo."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,l.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,l.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Add Fleet's Helm repo."),(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,l.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,l.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,l.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,l.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,l.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,l.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,l.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,l.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,l.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,l.kt)("a",{parentName:"p",href:"/0.7/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,l.kt)("p",null,"After the ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,l.kt)("p",null,"One way to do so is via the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,l.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,l.kt)("p",null,"The token value contains YAML content for a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,l.kt)("p",null,"Such value is contained in the ",(0,l.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,l.kt)("p",null,"Once the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,l.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,l.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,l.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,l.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,l.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,l.kt)("a",{parentName:"p",href:"/0.7/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,l.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,l.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,l.kt)("p",null,"The format of this secret is intended to match the ",(0,l.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,l.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,l.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/60bcd92c.79aeddd9.js b/assets/js/60bcd92c.9b8b824c.js similarity index 99% rename from assets/js/60bcd92c.79aeddd9.js rename to assets/js/60bcd92c.9b8b824c.js index f0a9b5af7..60f23dca5 100644 --- a/assets/js/60bcd92c.79aeddd9.js +++ b/assets/js/60bcd92c.9b8b824c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[314],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function y(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(v,(0,a.Z)({},e,t)),r.createElement(y,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1843:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),r=(n(7294),n(3905)),l=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"version-0.6/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.6/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.6/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-registration.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.6/installation"},next:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,r.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,r.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",l.d["v0.6"].fleetAgent)),(0,r.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",l.d["v0.6"].fleetAgent)),(0,r.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[314],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function y(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(v,(0,a.Z)({},e,t)),r.createElement(y,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1843:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>g,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var a=n(7462),r=(n(7294),n(3905)),l=n(6828),i=n(814),s=n(4866),o=n(5162);const u={},c="Register Downstream Clusters",d={unversionedId:"cluster-registration",id:"version-0.6/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.6/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.6/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-registration.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.6/installation"},next:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"}},p={},m=[{value:"Overview",id:"overview",level:2},{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],h={toc:m};function g(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},h,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,r.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,r.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe cluster registration token is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent'," ",l.d["v0.6"].fleetAgent)),(0,r.kt)(o.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(s.Z,{mdxType:"Tabs"},(0,r.kt)(o.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(i.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent'," ",l.d["v0.6"].fleetAgent)),(0,r.kt)(o.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.6/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}g.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/60c2c817.daacf9b4.js b/assets/js/60c2c817.daacf9b4.js new file mode 100644 index 000000000..4b2e8cdb0 --- /dev/null +++ b/assets/js/60c2c817.daacf9b4.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9857],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=l(n),m=o,f=d["".concat(c,".").concat(m)]||d[m]||u[m]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=d;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.9/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.9/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.9/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-gitrepo.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.9/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/0.9/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.9/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n #\n # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses\n # a three-way merge strategy by default. \n # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating \n # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.\n # Keep in mind that resources might be recreated if force is enabled.\n # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.\n #\n # correctDrift:\n # enabled: false\n # force: false #Warning: it might recreate resources if set to true\n # keepFailHistory: false\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/612623d2.185ddb0a.js b/assets/js/612623d2.fc39007f.js similarity index 98% rename from assets/js/612623d2.185ddb0a.js rename to assets/js/612623d2.fc39007f.js index 90418e1f6..cdad44352 100644 --- a/assets/js/612623d2.185ddb0a.js +++ b/assets/js/612623d2.fc39007f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7540],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),p=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=p(n),d=l,m=f["".concat(c,".").concat(d)]||f[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},u),{},{components:n})):r.createElement(m,o({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>p});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet cleanup"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_cleanup",id:"cli/fleet-cli/fleet_cleanup",title:"",description:"fleet cleanup",source:"@site/docs/cli/fleet-cli/fleet_cleanup.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_cleanup",permalink:"/cli/fleet-cli/fleet_cleanup",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_cleanup.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet cleanup"}},c={},p=[{value:"fleet cleanup",id:"fleet-cleanup",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],u={toc:p};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-cleanup"},"fleet cleanup"),(0,l.kt)("p",null,"Clean up outdated cluster registrations"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet cleanup [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --factor string Factor to increase delay between deletes (default: 1.1)\n -h, --help help for cleanup\n --max string Maximum delay between deletes (default: 5s)\n --min string Minimum delay between deletes (default: 10ms)\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7540],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),p=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=p(n),d=l,m=f["".concat(c,".").concat(d)]||f[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},u),{},{components:n})):r.createElement(m,o({ref:t},u))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>p});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet cleanup"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_cleanup",id:"cli/fleet-cli/fleet_cleanup",title:"",description:"fleet cleanup",source:"@site/docs/cli/fleet-cli/fleet_cleanup.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_cleanup",permalink:"/cli/fleet-cli/fleet_cleanup",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_cleanup.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet cleanup"}},c={},p=[{value:"fleet cleanup",id:"fleet-cleanup",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],u={toc:p};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-cleanup"},"fleet cleanup"),(0,l.kt)("p",null,"Clean up outdated cluster registrations"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet cleanup [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --factor string Factor to increase delay between deletes (default: 1.1)\n -h, --help help for cleanup\n --max string Maximum delay between deletes (default: 5s)\n --min string Minimum delay between deletes (default: 10ms)\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/62bbc60f.7450f343.js b/assets/js/62bbc60f.e420622c.js similarity index 98% rename from assets/js/62bbc60f.7450f343.js rename to assets/js/62bbc60f.e420622c.js index 5651c4f57..0cea5b082 100644 --- a/assets/js/62bbc60f.7450f343.js +++ b/assets/js/62bbc60f.e420622c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6295],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.6/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.6/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.6/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/namespaces.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.6/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6295],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.6/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.6/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.6/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/namespaces.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.6/gitrepo-content"},next:{title:"Custom Resources",permalink:"/0.6/ref-resources"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.6/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.6/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file diff --git a/assets/js/6349fbc0.bb7a998f.js b/assets/js/6349fbc0.22dd4e83.js similarity index 99% rename from assets/js/6349fbc0.bb7a998f.js rename to assets/js/6349fbc0.22dd4e83.js index 2853b80ac..bf9b5788a 100644 --- a/assets/js/6349fbc0.bb7a998f.js +++ b/assets/js/6349fbc0.22dd4e83.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7383],{3905:(t,e,a)=>{a.d(e,{Zo:()=>s,kt:()=>k});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var p=n.createContext({}),m=function(t){var e=n.useContext(p),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},s=function(t){var e=m(t.components);return n.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},o=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,p=t.parentName,s=u(t,["components","mdxType","originalType","parentName"]),o=m(a),k=l,N=o["".concat(p,".").concat(k)]||o[k]||d[k]||r;return a?n.createElement(N,i(i({ref:e},s),{},{components:a})):n.createElement(N,i({ref:e},s))}));function k(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=o;var u={};for(var p in e)hasOwnProperty.call(e,p)&&(u[p]=e[p]);u.originalType=t,u.mdxType="string"==typeof t?t:l,i[1]=u;for(var m=2;m{a.r(e),a.d(e,{assets:()=>p,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>u,toc:()=>m});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",u={unversionedId:"ref-crds",id:"version-0.8/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.8/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.8/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-crds.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"List of Deployed Resources",permalink:"/0.8/ref-resources"},next:{title:"fleet.yaml",permalink:"/0.8/ref-fleet-yaml"}},p={},m=[{value:"CorrectDrift",id:"correctdrift",level:4},{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentResource",id:"bundledeploymentresource",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],s={toc:m};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},s,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"correctdrift"},"CorrectDrift"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"enabled"),(0,l.kt)("td",{parentName:"tr",align:null},"Enabled correct drift if true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force helm rollback with --force option will be used if true. This will try to recreate all resources in the release."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepFailHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepFailHistory keeps track of failed rollbacks in the helm history."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("p",null,"GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundleDeployments is a string in the form \\"%d/%d\\", that describes the number of ready bundledeployments over the total number of bundledeployments.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the GitRepo, e.g. \\"GitUpdating\\" or the maximal BundleState according to StateRank.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains the relevant message from the deployment conditions."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if a message is present."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("p",null,"GitRepoResource contains metadata about the resources of a bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the API version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null},'Type is the type of the resource, e.g. \\"apiextensions.k8s.io.customresourcedefinition\\" or \\"configmap\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null},'ID is the name of the resource, e.g. \\"namespace1/my-config\\" or \\"backingimagemanagers.storage.io\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null},"IncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, e.g. \\"Unknown\\", \\"WaitApplied\\", \\"ErrApplied\\" or \\"Ready\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if any Error in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if any Transitioning in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message is the first message from the PerClusterStates."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null},"PerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("p",null,"GitRepoResourceCounts contains the number of resources in each state."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of resources that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of resources that are waiting to be applied."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of resources that have been modified."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null},"Orphaned is the number of orphaned resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null},"Missing is the number of missing resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null},"Unknown is the number of resources in an unknown state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of not ready resources. Resources are not ready if they do not match any other state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("p",null,"GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultServiceAccount overrides the GitRepo's default service account."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultClientSecretName overrides the GitRepo's default client secret."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for a private Helm repository."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretNameForPaths"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretNameForPaths contains the auth secret for private Helm repository for each path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of targets this repo will deploy to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when a new image is scanned and written back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit is the Git commit hash from the last gitjob run."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyClusters\\tis the number of clusters that should be ready for bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null},'GitJobStatus is the status of the last GitJob run, e.g. \\"Current\\" if there was no error.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains a human readable summary of the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains metadata about the resources of each bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceErrors is a sorted list of errors from the resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSyncedImageScanTime is the time of the last image scan."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("p",null,"GitTarget is a cluster or cluster group to deploy to."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of this target."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a label selector to select clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup is the name of a cluster group in the same namespace as the clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a label selector to select cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("p",null,"ResourcePerClusterState is generated for each non-ready resource of the bundles."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is the state of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if the resource is in an error state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message combines the messages from the bundle's summary. Messages are joined with the delimiter ';'."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null},"Patch for modified resources."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterID is the id of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("p",null,"Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\\n\\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("p",null,"BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"IgnoreOptions can be used to ignore fields when monitoring the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceLabels are labels that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceAnnotations"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceAnnotations are annotations that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentresource"},"BundleDeploymentResource"),(0,l.kt)("p",null,"BundleDeploymentResource contains the metadata of a deployed resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"createdAt"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedOptions are the deployment options, that are staged for the next deployment."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedDeploymentID is the ID of the staged deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null},"Options are the deployment options, that are currently applied."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"DeploymentID is the ID of the currently applied deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources lists the metadata of resources that were deployed according to the helm release history."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("p",null,"BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is a summary state for the bundle, calculated over the non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("p",null,"BundleNamespaceMapping maps bundles to clusters in other namespaces."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching bundle's labels."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("p",null,"BundleResource represents the content of a single resource from the bundle, like a YAML manifest."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource, can include the bundle's internal path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"The content of the resource, can be compressed."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null},'Encoding is either empty or \\"base64+gz\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions is an allow list, which controls if a bundledeployment is created for a target."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null},"NewlyCreated is the number of bundle deployments that have been created, not updated."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"UnavailablePartitions is the number of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable deployments. See rollout configuration."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"PartitionStatus lists the status of each partition."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc.."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("p",null,"BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of bundle deployments that have been deployed where some resources are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"ErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"OutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of bundle deployments that have been deployed where all resources are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null},"Pending is the number of bundle deployments that are being processed by Fleet controller."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of bundle deployments that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of states, which is filled for a bundle that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("p",null,"BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},'Name of target. This value is largely for display and logging. If not specified a default name of the format \\"target000\\" will be used'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName to match a specific cluster by name that will be selected"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup to match a specific cluster group by name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a selector to match cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"doNotDeploy"),(0,l.kt)("td",{parentName:"tr",align:null},"DoNotDeploy if set to true, will not deploy to this target."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("p",null,"BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("p",null,"ComparePatch matches a resource and removes fields from the check for modifications."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the kind of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the apiVersion of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null},"Operations remove a JSON path from the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null},"JSONPointers ignore diffs at a certain JSON path."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("p",null,"Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"Content is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null},"ComparePatches match a resource and remove fields from the check for modifications."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("p",null,"HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes Fleet skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("p",null,"IgnoreOptions defines conditions to be ignored when monitoring the Bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions to be ignored when monitoring the Bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("p",null,"KustomizeOptions for a deployment."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null},"Dir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of a resource in the same namespace as the referent."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("p",null,"ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("p",null,'NonReadyResource contains information about a bundle that is not ready for a given state like \\"ErrApplied\\". It contains a list of non-ready or modified resources and their states.'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, like e.g. \\"NotReady\\" or \\"ErrApplied\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains information why the bundle is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"ModifiedStatus lists the state for each modified resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyStatus lists the state for each non-ready resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("p",null,"NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("p",null,'Operation of a ComparePatch, usually \\"remove\\".'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null},'Op is usually \\"remove\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null},"Path is the JSON path to remove."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null},"Value is usually empty."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("p",null,"Partition defines a separate rollout strategy for a set of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"A user-friendly name given to the partition used for Display (optional)."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"A cluster group name to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster group labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("p",null,"PartitionStatus is the status of a single rollout partition."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null},"Count is the number of clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary state for the partition, calculated over its non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("p",null,"ResourceKey lists resources, which will likely be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s api kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the k8s api version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("p",null,"RolloverStrategy controls the rollout of the bundle across clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("p",null,"YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null},'Overlays is a list of names that maps to folders in \\"overlays/\\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSeen is the last time the agent checked in to update the status of the cluster resource."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the namespace of the agent deployment, e.g. \\"cattle-fleet-system\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNodes is the number of nodes that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes is the number of nodes that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes contains the names of ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("p",null,"Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyNodes is a string in the form \\"%d/%d\\", that describes the number of nodes that are ready vs. the number of expected nodes.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null},"SampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State of the cluster, either one of the bundle states, or \\"WaitCheckIn\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("p",null,"ClusterGroup is a re-usable selector to target a group of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is a summary state for the cluster group, showing \\"NotReady\\" if there are non-ready resources.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector is a label selector, used to select clusters for this group."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterCount is the number of clusters in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusterCount is the number of clusters that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of cluster names that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions and their statuses for the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundle deployments and their resources in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("p",null,"ClusterRegistration is used internally by Fleet and should not be used directly."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterLabels are copied to the cluster resource during the registration."),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is only set after the registration is being processed by fleet-controller."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null},"Granted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("p",null,"ClusterRegistrationToken is used by agents to register a new cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null},"TTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null},"Expires is the time when the token expires."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretName is the name of the secret containing the token."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts is an aggregate over the GitRepoResourceCounts."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyGitRepos is the number of gitrepos for this cluster that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVarsHash is a hash of the agent's env vars, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentPrivateRepoURL is the private repo URL for the agent that is currently used."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentDeployedGeneration is the generation of the agent that is currently deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"CattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResourcesHash is a hash of the agent's resources configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentConfigChanged"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerURL"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerCAHash"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerCAHash is a hash of the upstream API server CA, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready bundles, nodes and a summary state."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentStatus contains information about the agent."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7383],{3905:(t,e,a)=>{a.d(e,{Zo:()=>s,kt:()=>k});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var p=n.createContext({}),m=function(t){var e=n.useContext(p),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},s=function(t){var e=m(t.components);return n.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},o=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,p=t.parentName,s=u(t,["components","mdxType","originalType","parentName"]),o=m(a),k=l,N=o["".concat(p,".").concat(k)]||o[k]||d[k]||r;return a?n.createElement(N,i(i({ref:e},s),{},{components:a})):n.createElement(N,i({ref:e},s))}));function k(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=o;var u={};for(var p in e)hasOwnProperty.call(e,p)&&(u[p]=e[p]);u.originalType=t,u.mdxType="string"==typeof t?t:l,i[1]=u;for(var m=2;m{a.r(e),a.d(e,{assets:()=>p,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>u,toc:()=>m});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",u={unversionedId:"ref-crds",id:"version-0.8/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.8/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.8/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-crds.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"List of Deployed Resources",permalink:"/0.8/ref-resources"},next:{title:"fleet.yaml",permalink:"/0.8/ref-fleet-yaml"}},p={},m=[{value:"CorrectDrift",id:"correctdrift",level:4},{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentResource",id:"bundledeploymentresource",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],s={toc:m};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},s,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"correctdrift"},"CorrectDrift"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"enabled"),(0,l.kt)("td",{parentName:"tr",align:null},"Enabled correct drift if true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force helm rollback with --force option will be used if true. This will try to recreate all resources in the release."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepFailHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepFailHistory keeps track of failed rollbacks in the helm history."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("p",null,"GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundleDeployments is a string in the form \\"%d/%d\\", that describes the number of ready bundledeployments over the total number of bundledeployments.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the GitRepo, e.g. \\"GitUpdating\\" or the maximal BundleState according to StateRank.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains the relevant message from the deployment conditions."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if a message is present."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("p",null,"GitRepoResource contains metadata about the resources of a bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the API version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null},'Type is the type of the resource, e.g. \\"apiextensions.k8s.io.customresourcedefinition\\" or \\"configmap\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null},'ID is the name of the resource, e.g. \\"namespace1/my-config\\" or \\"backingimagemanagers.storage.io\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null},"IncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, e.g. \\"Unknown\\", \\"WaitApplied\\", \\"ErrApplied\\" or \\"Ready\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if any Error in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if any Transitioning in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message is the first message from the PerClusterStates."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null},"PerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("p",null,"GitRepoResourceCounts contains the number of resources in each state."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of resources that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of resources that are waiting to be applied."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of resources that have been modified."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null},"Orphaned is the number of orphaned resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null},"Missing is the number of missing resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null},"Unknown is the number of resources in an unknown state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of not ready resources. Resources are not ready if they do not match any other state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("p",null,"GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultServiceAccount overrides the GitRepo's default service account."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultClientSecretName overrides the GitRepo's default client secret."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for a private Helm repository."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretNameForPaths"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretNameForPaths contains the auth secret for private Helm repository for each path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of targets this repo will deploy to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when a new image is scanned and written back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit is the Git commit hash from the last gitjob run."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyClusters\\tis the number of clusters that should be ready for bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null},'GitJobStatus is the status of the last GitJob run, e.g. \\"Current\\" if there was no error.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains a human readable summary of the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains metadata about the resources of each bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceErrors is a sorted list of errors from the resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSyncedImageScanTime is the time of the last image scan."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("p",null,"GitTarget is a cluster or cluster group to deploy to."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of this target."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a label selector to select clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup is the name of a cluster group in the same namespace as the clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a label selector to select cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("p",null,"ResourcePerClusterState is generated for each non-ready resource of the bundles."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is the state of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if the resource is in an error state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message combines the messages from the bundle's summary. Messages are joined with the delimiter ';'."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null},"Patch for modified resources."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterID is the id of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("p",null,"Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\\n\\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("p",null,"BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"IgnoreOptions can be used to ignore fields when monitoring the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceLabels are labels that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceAnnotations"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceAnnotations are annotations that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentresource"},"BundleDeploymentResource"),(0,l.kt)("p",null,"BundleDeploymentResource contains the metadata of a deployed resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"createdAt"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedOptions are the deployment options, that are staged for the next deployment."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedDeploymentID is the ID of the staged deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null},"Options are the deployment options, that are currently applied."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"DeploymentID is the ID of the currently applied deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources lists the metadata of resources that were deployed according to the helm release history."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("p",null,"BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is a summary state for the bundle, calculated over the non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("p",null,"BundleNamespaceMapping maps bundles to clusters in other namespaces."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching bundle's labels."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("p",null,"BundleResource represents the content of a single resource from the bundle, like a YAML manifest."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource, can include the bundle's internal path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"The content of the resource, can be compressed."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null},'Encoding is either empty or \\"base64+gz\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions is an allow list, which controls if a bundledeployment is created for a target."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null},"NewlyCreated is the number of bundle deployments that have been created, not updated."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"UnavailablePartitions is the number of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable deployments. See rollout configuration."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"PartitionStatus lists the status of each partition."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc.."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("p",null,"BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of bundle deployments that have been deployed where some resources are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"ErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"OutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of bundle deployments that have been deployed where all resources are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null},"Pending is the number of bundle deployments that are being processed by Fleet controller."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of bundle deployments that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of states, which is filled for a bundle that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("p",null,"BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},'Name of target. This value is largely for display and logging. If not specified a default name of the format \\"target000\\" will be used'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName to match a specific cluster by name that will be selected"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup to match a specific cluster group by name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a selector to match cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"doNotDeploy"),(0,l.kt)("td",{parentName:"tr",align:null},"DoNotDeploy if set to true, will not deploy to this target."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("p",null,"BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("p",null,"ComparePatch matches a resource and removes fields from the check for modifications."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the kind of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the apiVersion of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null},"Operations remove a JSON path from the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null},"JSONPointers ignore diffs at a certain JSON path."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("p",null,"Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"Content is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null},"ComparePatches match a resource and remove fields from the check for modifications."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("p",null,"HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes Fleet skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("p",null,"IgnoreOptions defines conditions to be ignored when monitoring the Bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions to be ignored when monitoring the Bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("p",null,"KustomizeOptions for a deployment."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null},"Dir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of a resource in the same namespace as the referent."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("p",null,"ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("p",null,'NonReadyResource contains information about a bundle that is not ready for a given state like \\"ErrApplied\\". It contains a list of non-ready or modified resources and their states.'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, like e.g. \\"NotReady\\" or \\"ErrApplied\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains information why the bundle is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"ModifiedStatus lists the state for each modified resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyStatus lists the state for each non-ready resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("p",null,"NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("p",null,'Operation of a ComparePatch, usually \\"remove\\".'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null},'Op is usually \\"remove\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null},"Path is the JSON path to remove."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null},"Value is usually empty."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("p",null,"Partition defines a separate rollout strategy for a set of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"A user-friendly name given to the partition used for Display (optional)."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"A cluster group name to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster group labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("p",null,"PartitionStatus is the status of a single rollout partition."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null},"Count is the number of clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary state for the partition, calculated over its non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("p",null,"ResourceKey lists resources, which will likely be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s api kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the k8s api version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("p",null,"RolloverStrategy controls the rollout of the bundle across clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("p",null,"YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null},'Overlays is a list of names that maps to folders in \\"overlays/\\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSeen is the last time the agent checked in to update the status of the cluster resource."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the namespace of the agent deployment, e.g. \\"cattle-fleet-system\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNodes is the number of nodes that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes is the number of nodes that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes contains the names of ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("p",null,"Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyNodes is a string in the form \\"%d/%d\\", that describes the number of nodes that are ready vs. the number of expected nodes.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null},"SampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State of the cluster, either one of the bundle states, or \\"WaitCheckIn\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("p",null,"ClusterGroup is a re-usable selector to target a group of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is a summary state for the cluster group, showing \\"NotReady\\" if there are non-ready resources.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector is a label selector, used to select clusters for this group."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterCount is the number of clusters in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusterCount is the number of clusters that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of cluster names that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions and their statuses for the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundle deployments and their resources in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("p",null,"ClusterRegistration is used internally by Fleet and should not be used directly."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterLabels are copied to the cluster resource during the registration."),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is only set after the registration is being processed by fleet-controller."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null},"Granted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("p",null,"ClusterRegistrationToken is used by agents to register a new cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null},"TTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null},"Expires is the time when the token expires."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretName is the name of the secret containing the token."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts is an aggregate over the GitRepoResourceCounts."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyGitRepos is the number of gitrepos for this cluster that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVarsHash is a hash of the agent's env vars, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentPrivateRepoURL is the private repo URL for the agent that is currently used."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentDeployedGeneration is the generation of the agent that is currently deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"CattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResourcesHash is a hash of the agent's resources configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentConfigChanged"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerURL"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerCAHash"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerCAHash is a hash of the upstream API server CA, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready bundles, nodes and a summary state."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentStatus contains information about the agent."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/635f26b6.e35f3778.js b/assets/js/635f26b6.96e5c51b.js similarity index 99% rename from assets/js/635f26b6.e35f3778.js rename to assets/js/635f26b6.96e5c51b.js index bad17d4be..a689519b7 100644 --- a/assets/js/635f26b6.e35f3778.js +++ b/assets/js/635f26b6.96e5c51b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8927],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(y,(0,a.Z)({},e,t)),r.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},3472:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),r=(n(7294),n(3905)),l=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"version-0.8/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.8/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.8/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-registration.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.8/installation"},next:{title:"Create Cluster Groups",permalink:"/0.8/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,r.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,r.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.8/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe ",(0,r.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},"cluster registration token")," is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},"cluster registration token"),".\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.8/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8927],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(y,(0,a.Z)({},e,t)),r.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},3472:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),r=(n(7294),n(3905)),l=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"version-0.8/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.8/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.8/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-registration.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.8/installation"},next:{title:"Create Cluster Groups",permalink:"/0.8/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,r.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,r.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.8/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe ",(0,r.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},"cluster registration token")," is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/architecture#security"},"cluster registration token"),".\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.8/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.8/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/63e62f73.11e91c68.js b/assets/js/63e62f73.254ef863.js similarity index 98% rename from assets/js/63e62f73.11e91c68.js rename to assets/js/63e62f73.254ef863.js index a19e008c3..ffd5f1891 100644 --- a/assets/js/63e62f73.11e91c68.js +++ b/assets/js/63e62f73.254ef863.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var i=n.createContext({}),s=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,i=e.parentName,f=c(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(i,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:l,o[1]=c;for(var s=2;s{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>c,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,c={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},i={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable local cluster components\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9719],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var i=n.createContext({}),s=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,i=e.parentName,f=c(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(i,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:l,o[1]=c;for(var s=2;s{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>c,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,c={unversionedId:"cli/fleet-controller/fleet-manager",id:"cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/docs/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-controller/fleet-manager.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"}},i={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable local cluster components\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/64b4770e.3dd62aa7.js b/assets/js/64b4770e.36c7c6ad.js similarity index 99% rename from assets/js/64b4770e.3dd62aa7.js rename to assets/js/64b4770e.36c7c6ad.js index 70672c258..2ce0c6239 100644 --- a/assets/js/64b4770e.3dd62aa7.js +++ b/assets/js/64b4770e.36c7c6ad.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8976],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,m=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=l,h=c["".concat(s,".").concat(u)]||c[u]||d[u]||r;return n?a.createElement(h,i(i({ref:t},m),{},{components:n})):a.createElement(h,i({ref:t},m))}));function u(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>o,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"version-0.8/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.8/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.8/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-content.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.8/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.8/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"Excluding files and directories from bundles",id:"excluding-files-and-directories-from-bundles",level:3},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],m={toc:p};function d(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,l.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,l.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,l.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,l.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,l.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,l.kt)("p",null,"Multiple paths can be defined for a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,l.kt)("a",{parentName:"p",href:"/0.8/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,l.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"File"),(0,l.kt)("th",{parentName:"tr",align:null},"Location"),(0,l.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,l.kt)("a",{parentName:"td",href:"/0.8/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"}," *.yaml ")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If a ",(0,l.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,l.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")),(0,l.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,l.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,l.kt)("h3",{id:"excluding-files-and-directories-from-bundles"},"Excluding files and directories from bundles"),(0,l.kt)("p",null,"Fleet supports file and directory exclusion by means of ",(0,l.kt)("inlineCode",{parentName:"p"},".fleetignore")," files, in a similar fashion to how ",(0,l.kt)("inlineCode",{parentName:"p"},".gitignore"),"\nfiles behave in git repositories:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Glob syntax is used to match files or directories, using Golang's\n",(0,l.kt)("a",{parentName:"li",href:"https://pkg.go.dev/path/filepath#Match"},(0,l.kt)("inlineCode",{parentName:"a"},"filepath.Match"))),(0,l.kt)("li",{parentName:"ul"},"Empty lines are skipped, and can therefore be used to improve readability"),(0,l.kt)("li",{parentName:"ul"},"Characters like white spaces and ",(0,l.kt)("inlineCode",{parentName:"li"},"#")," can be escaped with a backslash"),(0,l.kt)("li",{parentName:"ul"},"Trailing spaces are ignored, unless escaped"),(0,l.kt)("li",{parentName:"ul"},"Comments, ie lines starting with unescaped ",(0,l.kt)("inlineCode",{parentName:"li"},"#"),", are skipped"),(0,l.kt)("li",{parentName:"ul"},"A given line can match a file or a directory, even if no separator is provided: eg. ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir/*")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," are both\nvalid ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lines, and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," matches both files and directories called ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")),(0,l.kt)("li",{parentName:"ul"},"A match may be found for a file or directory at any level below the directory where a ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lives, ie\n",(0,l.kt)("inlineCode",{parentName:"li"},"foo.yaml")," will match ",(0,l.kt)("inlineCode",{parentName:"li"},"./foo.yaml")," as well as ",(0,l.kt)("inlineCode",{parentName:"li"},"./path/to/foo.yaml")),(0,l.kt)("li",{parentName:"ul"},"Multiple ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," files are supported. For instance, in the following directory structure, only\n",(0,l.kt)("inlineCode",{parentName:"li"},"root/something.yaml"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"bar/something2.yaml")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"foo/something.yaml")," will end up in a bundle:")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"root/\n\u251c\u2500\u2500 .fleetignore # contains `ignore-always.yaml'\n\u251c\u2500\u2500 something.yaml\n\u251c\u2500\u2500 bar\n\u2502\xa0\xa0 \u251c\u2500\u2500 .fleetignore # contains `something.yaml`\n\u2502\xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n\u2502\xa0\xa0 \u251c\u2500\u2500 something2.yaml\n\u2502\xa0\xa0 \u2514\u2500\u2500 something.yaml\n\u2514\u2500\u2500 foo\n \xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n \xa0\xa0 \u2514\u2500\u2500 something.yaml\n")),(0,l.kt)("p",null,"This currently comes with a few limitations, the following not being supported:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Double asterisks (",(0,l.kt)("inlineCode",{parentName:"li"},"**"),")"),(0,l.kt)("li",{parentName:"ul"},"Explicit inclusions with ",(0,l.kt)("inlineCode",{parentName:"li"},"!"))),(0,l.kt)("h2",{id:"fleetyaml"},(0,l.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,l.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,l.kt)("a",{parentName:"p",href:"/0.8/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,l.kt)("p",null,"The available fields are documented in the ",(0,l.kt)("a",{parentName:"p",href:"/0.8/ref-fleet-yaml"},"fleet.yaml reference")),(0,l.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,l.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,l.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,l.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,l.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,l.kt)("p",null,"These examples showcase the style and format for using ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,l.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,l.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,l.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,l.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,l.kt)("p",null,"The resources can then be referenced from a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,l.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,l.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,l.kt)("p",null,"There are three approaches to matching clusters for both ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,l.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: all\n # Match everything\n clusterSelector: {}\n- name: none\n # Selector ignored\n clusterSelector: null\n")),(0,l.kt)("p",null,"When matching a cluster by name, make sure to use the name of the\n",(0,l.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource. The Rancher UI also has a provisioning and\na management cluster resource. Since the management cluster resource is not\nnamespaced, its name is different and contains a random suffix."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: prod\n clusterName: fleetname\n")),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,l.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,l.kt)("p",null,"When using Kustomize or Helm the ",(0,l.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,l.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,l.kt)("p",null,"A file named ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,l.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,l.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"/0.8/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8976],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,m=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=l,h=c["".concat(s,".").concat(u)]||c[u]||d[u]||r;return n?a.createElement(h,i(i({ref:t},m),{},{components:n})):a.createElement(h,i({ref:t},m))}));function u(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>o,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"version-0.8/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.8/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.8/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-content.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.8/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.8/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"Excluding files and directories from bundles",id:"excluding-files-and-directories-from-bundles",level:3},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],m={toc:p};function d(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,l.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,l.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,l.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,l.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,l.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,l.kt)("p",null,"Multiple paths can be defined for a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,l.kt)("a",{parentName:"p",href:"/0.8/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,l.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"File"),(0,l.kt)("th",{parentName:"tr",align:null},"Location"),(0,l.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,l.kt)("a",{parentName:"td",href:"/0.8/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"}," *.yaml ")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If a ",(0,l.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,l.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")),(0,l.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,l.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,l.kt)("h3",{id:"excluding-files-and-directories-from-bundles"},"Excluding files and directories from bundles"),(0,l.kt)("p",null,"Fleet supports file and directory exclusion by means of ",(0,l.kt)("inlineCode",{parentName:"p"},".fleetignore")," files, in a similar fashion to how ",(0,l.kt)("inlineCode",{parentName:"p"},".gitignore"),"\nfiles behave in git repositories:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Glob syntax is used to match files or directories, using Golang's\n",(0,l.kt)("a",{parentName:"li",href:"https://pkg.go.dev/path/filepath#Match"},(0,l.kt)("inlineCode",{parentName:"a"},"filepath.Match"))),(0,l.kt)("li",{parentName:"ul"},"Empty lines are skipped, and can therefore be used to improve readability"),(0,l.kt)("li",{parentName:"ul"},"Characters like white spaces and ",(0,l.kt)("inlineCode",{parentName:"li"},"#")," can be escaped with a backslash"),(0,l.kt)("li",{parentName:"ul"},"Trailing spaces are ignored, unless escaped"),(0,l.kt)("li",{parentName:"ul"},"Comments, ie lines starting with unescaped ",(0,l.kt)("inlineCode",{parentName:"li"},"#"),", are skipped"),(0,l.kt)("li",{parentName:"ul"},"A given line can match a file or a directory, even if no separator is provided: eg. ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir/*")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," are both\nvalid ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lines, and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," matches both files and directories called ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")),(0,l.kt)("li",{parentName:"ul"},"A match may be found for a file or directory at any level below the directory where a ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lives, ie\n",(0,l.kt)("inlineCode",{parentName:"li"},"foo.yaml")," will match ",(0,l.kt)("inlineCode",{parentName:"li"},"./foo.yaml")," as well as ",(0,l.kt)("inlineCode",{parentName:"li"},"./path/to/foo.yaml")),(0,l.kt)("li",{parentName:"ul"},"Multiple ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," files are supported. For instance, in the following directory structure, only\n",(0,l.kt)("inlineCode",{parentName:"li"},"root/something.yaml"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"bar/something2.yaml")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"foo/something.yaml")," will end up in a bundle:")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"root/\n\u251c\u2500\u2500 .fleetignore # contains `ignore-always.yaml'\n\u251c\u2500\u2500 something.yaml\n\u251c\u2500\u2500 bar\n\u2502\xa0\xa0 \u251c\u2500\u2500 .fleetignore # contains `something.yaml`\n\u2502\xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n\u2502\xa0\xa0 \u251c\u2500\u2500 something2.yaml\n\u2502\xa0\xa0 \u2514\u2500\u2500 something.yaml\n\u2514\u2500\u2500 foo\n \xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n \xa0\xa0 \u2514\u2500\u2500 something.yaml\n")),(0,l.kt)("p",null,"This currently comes with a few limitations, the following not being supported:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Double asterisks (",(0,l.kt)("inlineCode",{parentName:"li"},"**"),")"),(0,l.kt)("li",{parentName:"ul"},"Explicit inclusions with ",(0,l.kt)("inlineCode",{parentName:"li"},"!"))),(0,l.kt)("h2",{id:"fleetyaml"},(0,l.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,l.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,l.kt)("a",{parentName:"p",href:"/0.8/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,l.kt)("p",null,"The available fields are documented in the ",(0,l.kt)("a",{parentName:"p",href:"/0.8/ref-fleet-yaml"},"fleet.yaml reference")),(0,l.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,l.kt)("a",{parentName:"p",href:"/0.8/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,l.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,l.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,l.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,l.kt)("p",null,"These examples showcase the style and format for using ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,l.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,l.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,l.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,l.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,l.kt)("p",null,"The resources can then be referenced from a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,l.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,l.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,l.kt)("p",null,"There are three approaches to matching clusters for both ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,l.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: all\n # Match everything\n clusterSelector: {}\n- name: none\n # Selector ignored\n clusterSelector: null\n")),(0,l.kt)("p",null,"When matching a cluster by name, make sure to use the name of the\n",(0,l.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource. The Rancher UI also has a provisioning and\na management cluster resource. Since the management cluster resource is not\nnamespaced, its name is different and contains a random suffix."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: prod\n clusterName: fleetname\n")),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,l.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,l.kt)("p",null,"When using Kustomize or Helm the ",(0,l.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,l.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,l.kt)("p",null,"A file named ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,l.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,l.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"/0.8/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/680ed9ed.f4cfcda7.js b/assets/js/680ed9ed.565a98e9.js similarity index 98% rename from assets/js/680ed9ed.f4cfcda7.js rename to assets/js/680ed9ed.565a98e9.js index 02fce2be1..c5a0d8ccd 100644 --- a/assets/js/680ed9ed.f4cfcda7.js +++ b/assets/js/680ed9ed.565a98e9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[835],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),s=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=s(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=s(n),m=a,g=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?r.createElement(g,o(o({ref:t},u),{},{components:n})):r.createElement(g,o({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,o=new Array(i);o[0]=d;var c={};for(var l in t)hasOwnProperty.call(t,l)&&(c[l]=t[l]);c.originalType=e,c.mdxType="string"==typeof e?e:a,o[1]=c;for(var s=2;s{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const i={},o="Manager Initiated",c={unversionedId:"manager-initiated",id:"version-0.4/manager-initiated",title:"Manager Initiated",description:"Refer to the overview page for a background information on the manager initiated registration style.",source:"@site/versioned_docs/version-0.4/manager-initiated.md",sourceDirName:".",slug:"/manager-initiated",permalink:"/0.4/manager-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/manager-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"},next:{title:"Cluster Groups",permalink:"/0.4/cluster-group"}},l={},s=[{value:"Kubeconfig Secret",id:"kubeconfig-secret",level:2},{value:"Example",id:"example",level:2},{value:"Kubeconfig Secret",id:"kubeconfig-secret-1",level:3},{value:"Cluster",id:"cluster",level:3}],u={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"manager-initiated"},"Manager Initiated"),(0,a.kt)("p",null,"Refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the manager initiated registration style."),(0,a.kt)("h2",{id:"kubeconfig-secret"},"Kubeconfig Secret"),(0,a.kt)("p",null,"The manager initiated registration flow is accomplished by creating a\n",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,a.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,a.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,a.kt)("p",null,"The format of this secret is intended to match the ",(0,a.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format"),"\nof the kubeconfig\nsecret used in ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically\nregistered with Fleet."),(0,a.kt)("h2",{id:"example"},"Example"),(0,a.kt)("h3",{id:"kubeconfig-secret-1"},"Kubeconfig Secret"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,a.kt)("h3",{id:"cluster"},"Cluster"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/69dd637e.a513c275.js b/assets/js/69dd637e.a513c275.js new file mode 100644 index 000000000..6129d61dd --- /dev/null +++ b/assets/js/69dd637e.a513c275.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7459],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||p[d]||l;return n?r.createElement(g,o(o({ref:t},f),{},{components:n})):r.createElement(g,o({ref:t},f))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.9/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.9/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.9/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/0.9/bundle-add"},next:{title:"fleet",permalink:"/0.9/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6a840bac.d11531d5.js b/assets/js/6a840bac.4fb3c915.js similarity index 98% rename from assets/js/6a840bac.d11531d5.js rename to assets/js/6a840bac.4fb3c915.js index ad2feeaf1..69038e5e5 100644 --- a/assets/js/6a840bac.d11531d5.js +++ b/assets/js/6a840bac.4fb3c915.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7203],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),u=a(6550),o=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const n=(0,u.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,u]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,i]=m({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),b=(()=>{const e=o??d;return h({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{b&&u(b)}),[b]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);u(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:u,selectValue:o,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=i[a].value;n!==u&&(d(t),o(n))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:u===t?0:-1,"aria-selected":u===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":u===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function w(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",g)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return l.createElement(w,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},820:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),u=a(4866),o=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"version-0.6/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.6/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.6/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/quickstart.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.6/"},next:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,l.kt)("wrapper",(0,n.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"quick-start"},"Quick Start"),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,l.kt)(u.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,l.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,l.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.6"].fleet),(0,l.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,l.kt)("p",null,"Change ",(0,l.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,l.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,l.kt)("h2",{id:"get-status"},"Get Status"),(0,l.kt)("p",null,"Get status of what fleet is doing"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,l.kt)("p",null,"You should see something like this get created in your cluster."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,l.kt)("p",null,"Enjoy and read the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7203],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),u=a(6550),o=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const n=(0,u.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,u]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,i]=m({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),b=(()=>{const e=o??d;return h({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{b&&u(b)}),[b]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);u(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:u,selectValue:o,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=i[a].value;n!==u&&(d(t),o(n))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:u===t?0:-1,"aria-selected":u===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":u===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function w(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",g)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return l.createElement(w,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},820:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>i,metadata:()=>d,toc:()=>h});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),u=a(4866),o=a(5162);const i={},c="Quick Start",d={unversionedId:"quickstart",id:"version-0.6/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.6/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.6/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/quickstart.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.6/"},next:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"}},p={},h=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],m={toc:h};function f(e){let{components:t,...i}=e;return(0,l.kt)("wrapper",(0,n.Z)({},m,i,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"quick-start"},"Quick Start"),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,l.kt)("h2",{id:"install"},"Install"),(0,l.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,l.kt)(u.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm")),(0,l.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm"))),(0,l.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.6"].fleet),(0,l.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,l.kt)("p",null,"Change ",(0,l.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,l.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,l.kt)("h2",{id:"get-status"},"Get Status"),(0,l.kt)("p",null,"Get status of what fleet is doing"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,l.kt)("p",null,"You should see something like this get created in your cluster."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,l.kt)("p",null,"Enjoy and read the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/6c233221.09b16dbb.js b/assets/js/6c233221.09b16dbb.js new file mode 100644 index 000000000..078cfe7cb --- /dev/null +++ b/assets/js/6c233221.09b16dbb.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9616],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(y,(0,a.Z)({},e,t)),r.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},206:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),r=(n(7294),n(3905)),l=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"version-0.9/cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/versioned_docs/version-0.9/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/0.9/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cluster-registration.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/0.9/installation"},next:{title:"Create Cluster Groups",permalink:"/0.9/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,r.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,r.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/0.9/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe ",(0,r.kt)("a",{parentName:"p",href:"/0.9/architecture#security"},"cluster registration token")," is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.9/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/0.9/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a ",(0,r.kt)("a",{parentName:"p",href:"/0.9/architecture#security"},"cluster registration token"),".\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.9/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/0.9/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6cbe47eb.4b6b6210.js b/assets/js/6cbe47eb.06b715f3.js similarity index 96% rename from assets/js/6cbe47eb.4b6b6210.js rename to assets/js/6cbe47eb.06b715f3.js index c31cf93ee..4d1ed5293 100644 --- a/assets/js/6cbe47eb.4b6b6210.js +++ b/assets/js/6cbe47eb.06b715f3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5117],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||p[d]||l;return n?r.createElement(g,o(o({ref:t},f),{},{components:n})):r.createElement(g,o({ref:t},f))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.8/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.8/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.8/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/0.8/bundle-add"},next:{title:"fleet",permalink:"/0.8/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5117],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||p[d]||l;return n?r.createElement(g,o(o({ref:t},f),{},{components:n})):r.createElement(g,o({ref:t},f))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.8/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.8/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.8/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/0.8/bundle-add"},next:{title:"fleet",permalink:"/0.8/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6cf4c0df.8cd43b8a.js b/assets/js/6cf4c0df.bb59b79e.js similarity index 98% rename from assets/js/6cf4c0df.8cd43b8a.js rename to assets/js/6cf4c0df.bb59b79e.js index 211933144..14d7c4ba8 100644 --- a/assets/js/6cf4c0df.8cd43b8a.js +++ b/assets/js/6cf4c0df.bb59b79e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2418],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.5/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.5/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.5/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/webhook.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"},next:{title:"Image scan",permalink:"/0.5/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/6e869bec.4937ebe1.js b/assets/js/6e869bec.4937ebe1.js new file mode 100644 index 000000000..1ce4972a2 --- /dev/null +++ b/assets/js/6e869bec.4937ebe1.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,m=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=l,h=c["".concat(s,".").concat(u)]||c[u]||d[u]||r;return n?a.createElement(h,i(i({ref:t},m),{},{components:n})):a.createElement(h,i({ref:t},m))}));function u(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>o,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"version-0.9/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.9/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.9/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/gitrepo-content.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.9/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.9/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"Excluding files and directories from bundles",id:"excluding-files-and-directories-from-bundles",level:3},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],m={toc:p};function d(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,l.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,l.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,l.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,l.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,l.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,l.kt)("p",null,"Multiple paths can be defined for a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,l.kt)("a",{parentName:"p",href:"/0.9/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,l.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"File"),(0,l.kt)("th",{parentName:"tr",align:null},"Location"),(0,l.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,l.kt)("a",{parentName:"td",href:"/0.9/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"}," *.yaml ")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If a ",(0,l.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,l.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")),(0,l.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,l.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,l.kt)("h3",{id:"excluding-files-and-directories-from-bundles"},"Excluding files and directories from bundles"),(0,l.kt)("p",null,"Fleet supports file and directory exclusion by means of ",(0,l.kt)("inlineCode",{parentName:"p"},".fleetignore")," files, in a similar fashion to how ",(0,l.kt)("inlineCode",{parentName:"p"},".gitignore"),"\nfiles behave in git repositories:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Glob syntax is used to match files or directories, using Golang's\n",(0,l.kt)("a",{parentName:"li",href:"https://pkg.go.dev/path/filepath#Match"},(0,l.kt)("inlineCode",{parentName:"a"},"filepath.Match"))),(0,l.kt)("li",{parentName:"ul"},"Empty lines are skipped, and can therefore be used to improve readability"),(0,l.kt)("li",{parentName:"ul"},"Characters like white spaces and ",(0,l.kt)("inlineCode",{parentName:"li"},"#")," can be escaped with a backslash"),(0,l.kt)("li",{parentName:"ul"},"Trailing spaces are ignored, unless escaped"),(0,l.kt)("li",{parentName:"ul"},"Comments, ie lines starting with unescaped ",(0,l.kt)("inlineCode",{parentName:"li"},"#"),", are skipped"),(0,l.kt)("li",{parentName:"ul"},"A given line can match a file or a directory, even if no separator is provided: eg. ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir/*")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," are both\nvalid ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lines, and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," matches both files and directories called ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")),(0,l.kt)("li",{parentName:"ul"},"A match may be found for a file or directory at any level below the directory where a ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lives, ie\n",(0,l.kt)("inlineCode",{parentName:"li"},"foo.yaml")," will match ",(0,l.kt)("inlineCode",{parentName:"li"},"./foo.yaml")," as well as ",(0,l.kt)("inlineCode",{parentName:"li"},"./path/to/foo.yaml")),(0,l.kt)("li",{parentName:"ul"},"Multiple ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," files are supported. For instance, in the following directory structure, only\n",(0,l.kt)("inlineCode",{parentName:"li"},"root/something.yaml"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"bar/something2.yaml")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"foo/something.yaml")," will end up in a bundle:")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"root/\n\u251c\u2500\u2500 .fleetignore # contains `ignore-always.yaml'\n\u251c\u2500\u2500 something.yaml\n\u251c\u2500\u2500 bar\n\u2502\xa0\xa0 \u251c\u2500\u2500 .fleetignore # contains `something.yaml`\n\u2502\xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n\u2502\xa0\xa0 \u251c\u2500\u2500 something2.yaml\n\u2502\xa0\xa0 \u2514\u2500\u2500 something.yaml\n\u2514\u2500\u2500 foo\n \xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n \xa0\xa0 \u2514\u2500\u2500 something.yaml\n")),(0,l.kt)("p",null,"This currently comes with a few limitations, the following not being supported:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Double asterisks (",(0,l.kt)("inlineCode",{parentName:"li"},"**"),")"),(0,l.kt)("li",{parentName:"ul"},"Explicit inclusions with ",(0,l.kt)("inlineCode",{parentName:"li"},"!"))),(0,l.kt)("h2",{id:"fleetyaml"},(0,l.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,l.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,l.kt)("a",{parentName:"p",href:"/0.9/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,l.kt)("p",null,"The available fields are documented in the ",(0,l.kt)("a",{parentName:"p",href:"/0.9/ref-fleet-yaml"},"fleet.yaml reference")),(0,l.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,l.kt)("a",{parentName:"p",href:"/0.9/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,l.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,l.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,l.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,l.kt)("p",null,"These examples showcase the style and format for using ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,l.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,l.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,l.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,l.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,l.kt)("p",null,"The resources can then be referenced from a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,l.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,l.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,l.kt)("p",null,"There are three approaches to matching clusters for both ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,l.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: all\n # Match everything\n clusterSelector: {}\n- name: none\n # Selector ignored\n clusterSelector: null\n")),(0,l.kt)("p",null,"When matching a cluster by name, make sure to use the name of the\n",(0,l.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource. The Rancher UI also has a provisioning and\na management cluster resource. Since the management cluster resource is not\nnamespaced, its name is different and contains a random suffix."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: prod\n clusterName: fleetname\n")),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,l.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,l.kt)("p",null,"When using Kustomize or Helm the ",(0,l.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,l.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,l.kt)("p",null,"A file named ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,l.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,l.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"/0.9/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/6faa62d7.6017ac95.js b/assets/js/6faa62d7.a102ce40.js similarity index 95% rename from assets/js/6faa62d7.6017ac95.js rename to assets/js/6faa62d7.a102ce40.js index 866166a3f..d20bc2c07 100644 --- a/assets/js/6faa62d7.6017ac95.js +++ b/assets/js/6faa62d7.a102ce40.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||o;return n?r.createElement(d,l(l({ref:t},f),{},{components:n})):r.createElement(d,l({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet-agent"},l=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.6/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.6/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"},next:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8539],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>g});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),g=a,d=u["".concat(c,".").concat(g)]||u[g]||p[g]||o;return n?r.createElement(d,l(l({ref:t},f),{},{components:n})):r.createElement(d,l({ref:t},f))}));function g(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,l[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet-agent"},l=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.6/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.6/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"},next:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/702cd497.8760b326.js b/assets/js/702cd497.ce8f3a3c.js similarity index 97% rename from assets/js/702cd497.8760b326.js rename to assets/js/702cd497.ce8f3a3c.js index 38387cf66..42b1eed4f 100644 --- a/assets/js/702cd497.8760b326.js +++ b/assets/js/702cd497.ce8f3a3c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4895],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.8/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.8/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.8/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-bundle-stages.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.8/concepts"},next:{title:"Git Repository Contents",permalink:"/0.8/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.8/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.8/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.8/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4895],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.8/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.8/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.8/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-bundle-stages.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.8/concepts"},next:{title:"Git Repository Contents",permalink:"/0.8/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.8/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.8/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.8/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/7292ec22.d60b71d2.js b/assets/js/7292ec22.1ddc45dd.js similarity index 97% rename from assets/js/7292ec22.d60b71d2.js rename to assets/js/7292ec22.1ddc45dd.js index 9f3bb7491..d45d394c0 100644 --- a/assets/js/7292ec22.d60b71d2.js +++ b/assets/js/7292ec22.1ddc45dd.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2404],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.6/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.6/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.6/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-bundles-state.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2404],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.6/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.6/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.6/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-bundles-state.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/755aca7b.bf4c4de2.js b/assets/js/755aca7b.44afc5af.js similarity index 98% rename from assets/js/755aca7b.bf4c4de2.js rename to assets/js/755aca7b.44afc5af.js index c17c2a912..dbd1b685c 100644 --- a/assets/js/755aca7b.bf4c4de2.js +++ b/assets/js/755aca7b.44afc5af.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9816],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.5/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.5/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.5/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/installation.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.5/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.5/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/762abe3e.7869f59a.js b/assets/js/762abe3e.3018aab3.js similarity index 99% rename from assets/js/762abe3e.7869f59a.js rename to assets/js/762abe3e.3018aab3.js index 7383e765e..eba6ad754 100644 --- a/assets/js/762abe3e.7869f59a.js +++ b/assets/js/762abe3e.3018aab3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(t,e,n)=>{n.d(e,{Zo:()=>m,kt:()=>s});var r=n(7294);function a(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function l(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function o(t){for(var e=1;e=0||(a[n]=t[n]);return a}(t,e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(t);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(a[n]=t[n])}return a}var p=r.createContext({}),u=function(t){var e=r.useContext(p),n=e;return t&&(n="function"==typeof t?t(e):o(o({},e),t)),n},m=function(t){var e=u(t.components);return r.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,a=t.mdxType,l=t.originalType,p=t.parentName,m=i(t,["components","mdxType","originalType","parentName"]),c=u(n),s=a,g=c["".concat(p,".").concat(s)]||c[s]||d[s]||l;return n?r.createElement(g,o(o({ref:e},m),{},{components:n})):r.createElement(g,o({ref:e},m))}));function s(t,e){var n=arguments,a=e&&e.mdxType;if("string"==typeof t||a){var l=n.length,o=new Array(l);o[0]=c;var i={};for(var p in e)hasOwnProperty.call(e,p)&&(i[p]=e[p]);i.originalType=t,i.mdxType="string"==typeof t?t:a,o[1]=i;for(var u=2;u{n.r(e),n.d(e,{assets:()=>p,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>u});var r=n(7462),a=(n(7294),n(3905));const l={},o="List of Deployed Resources",i={unversionedId:"ref-resources",id:"ref-resources",title:"List of Deployed Resources",description:"After installing Fleet in Rancher these resources are created in the upstream cluster.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"Custom Resources Spec",permalink:"/ref-crds"}},p={},u=[],m={toc:u};function d(t){let{components:e,...n}=t;return(0,a.kt)("wrapper",(0,r.Z)({},m,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"list-of-deployed-resources"},"List of Deployed Resources"),(0,a.kt)("p",null,"After installing Fleet in Rancher these resources are created in the upstream cluster."),(0,a.kt)("table",null,(0,a.kt)("thead",{parentName:"table"},(0,a.kt)("tr",{parentName:"thead"},(0,a.kt)("th",{parentName:"tr",align:null},"Type"),(0,a.kt)("th",{parentName:"tr",align:null},"Name"),(0,a.kt)("th",{parentName:"tr",align:null},"Namespace"))),(0,a.kt)("tbody",{parentName:"table"},(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"From Helm, intial setup:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob-binding"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ConfigMap"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Service"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Generated:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterGroup"),(0,a.kt)("td",{parentName:"tr",align:null},"default"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"For each registered cluster:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null},"by default fleet-default")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"generated"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"BundleDeployment"),(0,a.kt)("td",{parentName:"tr",align:null},"cluster-fleet-local-local-ID"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local")))),(0,a.kt)("p",null,"Also see ","[namespaces]"))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6961],{3905:(t,e,n)=>{n.d(e,{Zo:()=>m,kt:()=>s});var r=n(7294);function a(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function l(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function o(t){for(var e=1;e=0||(a[n]=t[n]);return a}(t,e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(t);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(a[n]=t[n])}return a}var p=r.createContext({}),u=function(t){var e=r.useContext(p),n=e;return t&&(n="function"==typeof t?t(e):o(o({},e),t)),n},m=function(t){var e=u(t.components);return r.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,a=t.mdxType,l=t.originalType,p=t.parentName,m=i(t,["components","mdxType","originalType","parentName"]),c=u(n),s=a,g=c["".concat(p,".").concat(s)]||c[s]||d[s]||l;return n?r.createElement(g,o(o({ref:e},m),{},{components:n})):r.createElement(g,o({ref:e},m))}));function s(t,e){var n=arguments,a=e&&e.mdxType;if("string"==typeof t||a){var l=n.length,o=new Array(l);o[0]=c;var i={};for(var p in e)hasOwnProperty.call(e,p)&&(i[p]=e[p]);i.originalType=t,i.mdxType="string"==typeof t?t:a,o[1]=i;for(var u=2;u{n.r(e),n.d(e,{assets:()=>p,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>u});var r=n(7462),a=(n(7294),n(3905));const l={},o="List of Deployed Resources",i={unversionedId:"ref-resources",id:"ref-resources",title:"List of Deployed Resources",description:"After installing Fleet in Rancher these resources are created in the upstream cluster.",source:"@site/docs/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-resources.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/ref-configuration"},next:{title:"Custom Resources Spec",permalink:"/ref-crds"}},p={},u=[],m={toc:u};function d(t){let{components:e,...n}=t;return(0,a.kt)("wrapper",(0,r.Z)({},m,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"list-of-deployed-resources"},"List of Deployed Resources"),(0,a.kt)("p",null,"After installing Fleet in Rancher these resources are created in the upstream cluster."),(0,a.kt)("table",null,(0,a.kt)("thead",{parentName:"table"},(0,a.kt)("tr",{parentName:"thead"},(0,a.kt)("th",{parentName:"tr",align:null},"Type"),(0,a.kt)("th",{parentName:"tr",align:null},"Name"),(0,a.kt)("th",{parentName:"tr",align:null},"Namespace"))),(0,a.kt)("tbody",{parentName:"table"},(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"From Helm, intial setup:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob-binding"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ConfigMap"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Service"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Generated:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterGroup"),(0,a.kt)("td",{parentName:"tr",align:null},"default"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"For each registered cluster:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null},"by default fleet-default")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"generated"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"BundleDeployment"),(0,a.kt)("td",{parentName:"tr",align:null},"cluster-fleet-local-local-ID"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local")))),(0,a.kt)("p",null,"Also see ","[namespaces]"))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7712976a.824ecded.js b/assets/js/7712976a.dad13f43.js similarity index 99% rename from assets/js/7712976a.824ecded.js rename to assets/js/7712976a.dad13f43.js index 166526a26..c96ac0da5 100644 --- a/assets/js/7712976a.824ecded.js +++ b/assets/js/7712976a.dad13f43.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3551],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.8/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).",source:"@site/versioned_docs/version-0.8/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.8/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/webhook.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.8/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.8/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens)."),(0,r.kt)("p",null,"For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling."),(0,r.kt)("p",null,"Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3551],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.8/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).",source:"@site/versioned_docs/version-0.8/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.8/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/webhook.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.8/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.8/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens)."),(0,r.kt)("p",null,"For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling."),(0,r.kt)("p",null,"Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/77fc540a.c30b83cb.js b/assets/js/77fc540a.2810ce60.js similarity index 96% rename from assets/js/77fc540a.c30b83cb.js rename to assets/js/77fc540a.2810ce60.js index 0299f8d77..982d98e68 100644 --- a/assets/js/77fc540a.c30b83cb.js +++ b/assets/js/77fc540a.2810ce60.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5600],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||p[d]||l;return n?r.createElement(g,o(o({ref:t},f),{},{components:n})):r.createElement(g,o({ref:t},f))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.7/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.7/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.7/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/0.7/bundle-add"},next:{title:"fleet",permalink:"/0.7/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5600],{3905:(e,t,n)=>{n.d(t,{Zo:()=>f,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},f=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=a,g=u["".concat(c,".").concat(d)]||u[d]||p[d]||l;return n?r.createElement(g,o(o({ref:t},f),{},{components:n})):r.createElement(g,o({ref:t},f))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>l,metadata:()=>i,toc:()=>s});var r=n(7462),a=(n(7294),n(3905));const l={title:"",sidebar_label:"fleet-agent"},o=void 0,i={unversionedId:"cli/fleet-agent/fleet-agent",id:"version-0.7/cli/fleet-agent/fleet-agent",title:"",description:"fleet-agent",source:"@site/versioned_docs/version-0.7/cli/fleet-agent/fleet-agent.md",sourceDirName:"cli/fleet-agent",slug:"/cli/fleet-agent/",permalink:"/0.7/cli/fleet-agent/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-agent/fleet-agent.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-agent"},sidebar:"docs",previous:{title:"Create a Bundle Resource",permalink:"/0.7/bundle-add"},next:{title:"fleet",permalink:"/0.7/cli/fleet-cli/fleet"}},c={},s=[{value:"fleet-agent",id:"fleet-agent",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},f,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h2",{id:"fleet-agent"},"fleet-agent"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"fleet-agent [flags]\n")),(0,a.kt)("h3",{id:"options"},"Options"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"}," --agent-scope string An identifier used to scope the agent bundleID names, typically the same as namespace\n --checkin-interval string How often to post cluster status\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet-agent\n --kubeconfig string kubeconfig file\n --namespace string namespace to watch\n --simulators int Numbers of simulators to run\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7a815aed.f559bfd0.js b/assets/js/7a815aed.e4184f59.js similarity index 98% rename from assets/js/7a815aed.f559bfd0.js rename to assets/js/7a815aed.e4184f59.js index a4314a467..c0e3743c0 100644 --- a/assets/js/7a815aed.f559bfd0.js +++ b/assets/js/7a815aed.e4184f59.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[488],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.6/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.6/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.6/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/webhook.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[488],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.6/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.6/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.6/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/webhook.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.6/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.6/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/7b64d2e8.32700a39.js b/assets/js/7b64d2e8.1b5f3a19.js similarity index 98% rename from assets/js/7b64d2e8.32700a39.js rename to assets/js/7b64d2e8.1b5f3a19.js index 2f0d2621b..32d2342a4 100644 --- a/assets/js/7b64d2e8.32700a39.js +++ b/assets/js/7b64d2e8.1b5f3a19.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1416],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,h=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},p),{},{components:n})):a.createElement(h,o({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},o="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/docs/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-add.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2},{value:"Convert a Helm Chart into a Bundle",id:"convert-a-helm-chart-into-a-bundle",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."),(0,r.kt)("h2",{id:"convert-a-helm-chart-into-a-bundle"},"Convert a Helm Chart into a Bundle"),(0,r.kt)("p",null,"You can use the Fleet CLI to convert a Helm chart into a bundle."),(0,r.kt)("p",null,'For example, you can download and convert the "external secrets" operator chart like this:'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"cat > targets.yaml < app/fleet.yaml < eso-bundle.yaml\n\nkubectl apply -f eso-bundle.yaml\n")),(0,r.kt)("p",null,"Make sure you use a cluster selector in ",(0,r.kt)("inlineCode",{parentName:"p"},"targets.yaml"),", that matches all clusters you want to deploy to."),(0,r.kt)("p",null,"The blog post on ",(0,r.kt)("a",{parentName:"p",href:"https://www.suse.com/c/rancher_blog/fleet-multi-cluster-deployment-with-the-help-of-external-secrets/"},"Fleet: Multi-Cluster Deployment with the Help of External Secrets")," has more information."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1416],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,h=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?a.createElement(h,o(o({ref:t},p),{},{components:n})):a.createElement(h,o({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},o="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/docs/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-add.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"},next:{title:"fleet-agent",permalink:"/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2},{value:"Convert a Helm Chart into a Bundle",id:"convert-a-helm-chart-into-a-bundle",level:2}],p={toc:c};function u(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."),(0,r.kt)("h2",{id:"convert-a-helm-chart-into-a-bundle"},"Convert a Helm Chart into a Bundle"),(0,r.kt)("p",null,"You can use the Fleet CLI to convert a Helm chart into a bundle."),(0,r.kt)("p",null,'For example, you can download and convert the "external secrets" operator chart like this:'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"cat > targets.yaml < app/fleet.yaml < eso-bundle.yaml\n\nkubectl apply -f eso-bundle.yaml\n")),(0,r.kt)("p",null,"Make sure you use a cluster selector in ",(0,r.kt)("inlineCode",{parentName:"p"},"targets.yaml"),", that matches all clusters you want to deploy to."),(0,r.kt)("p",null,"The blog post on ",(0,r.kt)("a",{parentName:"p",href:"https://www.suse.com/c/rancher_blog/fleet-multi-cluster-deployment-with-the-help-of-external-secrets/"},"Fleet: Multi-Cluster Deployment with the Help of External Secrets")," has more information."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7c4790a0.13e86a05.js b/assets/js/7c4790a0.13e86a05.js new file mode 100644 index 000000000..caa90758b --- /dev/null +++ b/assets/js/7c4790a0.13e86a05.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9164],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.9/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.9/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.9/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cluster-group.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.9/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.9/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7c5d32d8.6f425bf3.js b/assets/js/7c5d32d8.c95c0296.js similarity index 86% rename from assets/js/7c5d32d8.6f425bf3.js rename to assets/js/7c5d32d8.c95c0296.js index 75c8f7ab7..83a00b7ce 100644 --- a/assets/js/7c5d32d8.6f425bf3.js +++ b/assets/js/7c5d32d8.c95c0296.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||l;return n?r.createElement(h,o(o({ref:t},p),{},{components:n})):r.createElement(h,o({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,o=new Array(l);o[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const l={},o="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6250],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.4/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.4/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.4/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/concepts.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.4/quickstart"},next:{title:"Architecture",permalink:"/0.4/architecture"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.4/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"lifecycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#lifecycle-of-a-fleet-bundle"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.4/examples#deploy-kubernetes-manifests-across-clusters-with-customization"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/7f3d36ad.cb47f044.js b/assets/js/7f3d36ad.7136c11a.js similarity index 98% rename from assets/js/7f3d36ad.cb47f044.js rename to assets/js/7f3d36ad.7136c11a.js index 0460c014f..ffe515283 100644 --- a/assets/js/7f3d36ad.cb47f044.js +++ b/assets/js/7f3d36ad.7136c11a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6255],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),h=c(n),d=a,m=h["".concat(l,".").concat(d)]||h[d]||p[d]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=h;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Architecture",i={unversionedId:"architecture",id:"version-0.5/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.5/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.5/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/architecture.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.5/concepts"},next:{title:"Examples",permalink:"/0.5/examples"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.5/manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/8003b96f.0495e73a.js b/assets/js/8003b96f.0495e73a.js new file mode 100644 index 000000000..17130c3cb --- /dev/null +++ b/assets/js/8003b96f.0495e73a.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9940],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.9/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.9/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.9/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/bundle-diffs.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.9/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.9/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,"In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto."),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/8070e160.e7b2c56f.js b/assets/js/8070e160.5e336099.js similarity index 98% rename from assets/js/8070e160.e7b2c56f.js rename to assets/js/8070e160.5e336099.js index 62e26d15a..4b6506a6f 100644 --- a/assets/js/8070e160.e7b2c56f.js +++ b/assets/js/8070e160.5e336099.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Creating a Deployment",permalink:"/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2651],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},2257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/docs/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/quickstart.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/"},next:{title:"Creating a Deployment",permalink:"/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/82782dff.e789273b.js b/assets/js/82782dff.f7feaec1.js similarity index 97% rename from assets/js/82782dff.e789273b.js rename to assets/js/82782dff.f7feaec1.js index efdb92cb4..397e95b04 100644 --- a/assets/js/82782dff.e789273b.js +++ b/assets/js/82782dff.f7feaec1.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7811],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.6/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.6/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7811],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.6/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.6/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.6/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8307bb82.7165b2e8.js b/assets/js/8307bb82.c0af9b90.js similarity index 98% rename from assets/js/8307bb82.7165b2e8.js rename to assets/js/8307bb82.c0af9b90.js index aae586c34..ea0e2141a 100644 --- a/assets/js/8307bb82.7165b2e8.js +++ b/assets/js/8307bb82.c0af9b90.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5386],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.6/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.6/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.6/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/architecture.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.6/uninstall"},next:{title:"Core Concepts",permalink:"/0.6/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5386],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.6/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.6/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.6/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/architecture.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.6/uninstall"},next:{title:"Core Concepts",permalink:"/0.6/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/834808ff.d4396567.js b/assets/js/834808ff.a6e71b72.js similarity index 98% rename from assets/js/834808ff.d4396567.js rename to assets/js/834808ff.a6e71b72.js index 5adb63ab7..3eef310b4 100644 --- a/assets/js/834808ff.d4396567.js +++ b/assets/js/834808ff.a6e71b72.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,s(s({ref:t},u),{},{components:r})):n.createElement(m,s({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,s=new Array(i);s[0]=d;var o={};for(var l in t)hasOwnProperty.call(t,l)&&(o[l]=t[l]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},s="Cluster Registration Internals",o={unversionedId:"ref-registration",id:"ref-registration",title:"Cluster Registration Internals",description:"How does cluster registration work?",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"Configuration",permalink:"/ref-configuration"}},l={},c=[{value:"How does cluster registration work?",id:"how-does-cluster-registration-work",level:2},{value:"Cluster first",id:"cluster-first",level:4},{value:"Cluster -> ClusterRegistrationToken + Import Account",id:"cluster---clusterregistrationtoken--import-account",level:4},{value:"Fleet-Agent -> ClusterRegistration",id:"fleet-agent---clusterregistration",level:4},{value:"Notes",id:"notes",level:3},{value:"Diagram",id:"diagram",level:2},{value:"Process",id:"process",level:3},{value:"Secrets",id:"secrets",level:3}],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("h2",{id:"how-does-cluster-registration-work"},"How does cluster registration work?"),(0,a.kt)("p",null,"This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it\u2019s not commonly used.\n",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"Agent initiated registration")," is ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#create-cluster-registration-tokens"},'"',(0,a.kt)("inlineCode",{parentName:"a"},"ClusterRegistrationToken"),' first"'),", which means pre-creating a cluster is optional."),(0,a.kt)("p",null,'See "',(0,a.kt)("a",{parentName:"p",href:"/cluster-registration"},"Register Downstream Clusters"),'" to learn how to register clusters.'),(0,a.kt)("h4",{id:"cluster-first"},"Cluster first"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller"),' starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.'),(0,a.kt)("p",null,"For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret."),(0,a.kt)("h4",{id:"cluster---clusterregistrationtoken--import-account"},"Cluster -> ClusterRegistrationToken + Import Account"),(0,a.kt)("p",null,"Now that a cluster resource exists, ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and runs ",(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," to create the fleet-agent deployment.\u2028",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," also creates a ",(0,a.kt)("a",{parentName:"p",href:"/architecture#security"},(0,a.kt)("inlineCode",{parentName:"a"},"clusterregistrationtoken"))," and waits for it to be complete. The ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistationtoken")," triggers the creation of the import service account, which can create ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistrations"),' and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system").\nThe ',(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," will enqueue itself until the import service account exists, because that\u2019s needed to create the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret.\nNow, the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," and the bootstrap secret are present on the downstream cluster"),(0,a.kt)("h4",{id:"fleet-agent---clusterregistration"},"Fleet-Agent -> ClusterRegistration"),(0,a.kt)("p",null,"Immediately the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," checks for a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret (which contains the import kubeconfig) and starts registering if present. Then ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret\u2019s name."),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and tries to grant the clusterregistration request to create ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent"),"\u2019s serviceaccount and create the ",(0,a.kt)("inlineCode",{parentName:"p"},"\u2018c-*\u2019")," registration secret with the clients new kubeconfig.\nThe registration secret name is ",(0,a.kt)("inlineCode",{parentName:"p"},'hash("clientID-clientRandom")'),'. The new kubeconfig uses the "request" account. The request account can access the cluster status, ',(0,a.kt)("inlineCode",{parentName:"p"},"bundledeployments")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"contents"),"."),(0,a.kt)("h3",{id:"notes"},"Notes"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},'The registration starts with the "import" account and pivots to the "request" account.'),(0,a.kt)("li",{parentName:"ul"},"The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace."),(0,a.kt)("li",{parentName:"ul"},"Once the agent is registered, ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart."),(0,a.kt)("li",{parentName:"ul"},"If no bootstrap secret exists, the agent will not re-register.")),(0,a.kt)("h2",{id:"diagram"},"Diagram"),(0,a.kt)("h3",{id:"process"},"Process"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})),(0,a.kt)("h3",{id:"secrets"},"Secrets"),(0,a.kt)("p",null,"This diagram shows the resources created during registration and focuses on the k8s API server configuration."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration Secrets",src:r(4408).Z,width:"1581",height:"4162"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"},4408:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistrationSecrets-deae20b127f82ebcf32a5c593b53b912.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3814],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,l=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(r),g=a,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||i;return r?n.createElement(m,s(s({ref:t},u),{},{components:r})):n.createElement(m,s({ref:t},u))}));function g(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,s=new Array(i);s[0]=d;var o={};for(var l in t)hasOwnProperty.call(t,l)&&(o[l]=t[l]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const i={},s="Cluster Registration Internals",o={unversionedId:"ref-registration",id:"ref-registration",title:"Cluster Registration Internals",description:"How does cluster registration work?",source:"@site/docs/ref-registration.md",sourceDirName:".",slug:"/ref-registration",permalink:"/ref-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-registration.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle State",permalink:"/cluster-bundles-state"},next:{title:"Configuration",permalink:"/ref-configuration"}},l={},c=[{value:"How does cluster registration work?",id:"how-does-cluster-registration-work",level:2},{value:"Cluster first",id:"cluster-first",level:4},{value:"Cluster -> ClusterRegistrationToken + Import Account",id:"cluster---clusterregistrationtoken--import-account",level:4},{value:"Fleet-Agent -> ClusterRegistration",id:"fleet-agent---clusterregistration",level:4},{value:"Notes",id:"notes",level:3},{value:"Diagram",id:"diagram",level:2},{value:"Process",id:"process",level:3},{value:"Secrets",id:"secrets",level:3}],u={toc:c};function p(e){let{components:t,...i}=e;return(0,a.kt)("wrapper",(0,n.Z)({},u,i,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-registration-internals"},"Cluster Registration Internals"),(0,a.kt)("h2",{id:"how-does-cluster-registration-work"},"How does cluster registration work?"),(0,a.kt)("p",null,"This text describes cluster registration with more technical details. The text ignores agent initiated registration, as it\u2019s not commonly used.\n",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#agent-initiated"},"Agent initiated registration")," is ",(0,a.kt)("a",{parentName:"p",href:"/cluster-registration#create-cluster-registration-tokens"},'"',(0,a.kt)("inlineCode",{parentName:"a"},"ClusterRegistrationToken"),' first"'),", which means pre-creating a cluster is optional."),(0,a.kt)("p",null,'See "',(0,a.kt)("a",{parentName:"p",href:"/cluster-registration"},"Register Downstream Clusters"),'" to learn how to register clusters.'),(0,a.kt)("h4",{id:"cluster-first"},"Cluster first"),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller"),' starts up and may "bootstrap" the local cluster resource. In Rancher creating the local cluster resource is handlded by the fleetcluster controller instead, but otherwise the process is identical.'),(0,a.kt)("p",null,"For manager initiated registration the process is identical for the local cluster or any downstream cluster. It starts by creating a cluster resource, which refers to a kubeconfig secret."),(0,a.kt)("h4",{id:"cluster---clusterregistrationtoken--import-account"},"Cluster -> ClusterRegistrationToken + Import Account"),(0,a.kt)("p",null,"Now that a cluster resource exists, ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and runs ",(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," to create the fleet-agent deployment.\u2028",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," also creates a ",(0,a.kt)("a",{parentName:"p",href:"/architecture#security"},(0,a.kt)("inlineCode",{parentName:"a"},"clusterregistrationtoken"))," and waits for it to be complete. The ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistationtoken")," triggers the creation of the import service account, which can create ",(0,a.kt)("inlineCode",{parentName:"p"},"clusterregistrations"),' and read any secret in the system registration namespace (eg "cattle-fleet-clusters-system").\nThe ',(0,a.kt)("inlineCode",{parentName:"p"},"import.go")," will enqueue itself until the import service account exists, because that\u2019s needed to create the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret.\nNow, the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," and the bootstrap secret are present on the downstream cluster"),(0,a.kt)("h4",{id:"fleet-agent---clusterregistration"},"Fleet-Agent -> ClusterRegistration"),(0,a.kt)("p",null,"Immediately the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," checks for a ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent-bootstrap")," secret (which contains the import kubeconfig) and starts registering if present. Then ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," creates a clusterregistration resource in fleet-default on the management cluster, with a random number. The random number will be used for the registration secret\u2019s name."),(0,a.kt)("p",null,(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," triggers and tries to grant the clusterregistration request to create ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent"),"\u2019s serviceaccount and create the ",(0,a.kt)("inlineCode",{parentName:"p"},"\u2018c-*\u2019")," registration secret with the clients new kubeconfig.\nThe registration secret name is ",(0,a.kt)("inlineCode",{parentName:"p"},'hash("clientID-clientRandom")'),'. The new kubeconfig uses the "request" account. The request account can access the cluster status, ',(0,a.kt)("inlineCode",{parentName:"p"},"bundledeployments")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"contents"),"."),(0,a.kt)("h3",{id:"notes"},"Notes"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},'The registration starts with the "import" account and pivots to the "request" account.'),(0,a.kt)("li",{parentName:"ul"},"The fleet-default namespace has all the cluster registrations, the import account uses a separate namespace."),(0,a.kt)("li",{parentName:"ul"},"Once the agent is registered, ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will trigger on a cluster/namespace change and call manageagent to create a bundle. The agent will update itself to the bundle and since the generation env var changes it will restart."),(0,a.kt)("li",{parentName:"ul"},"If no bootstrap secret exists, the agent will not re-register.")),(0,a.kt)("h2",{id:"diagram"},"Diagram"),(0,a.kt)("h3",{id:"process"},"Process"),(0,a.kt)("p",null,"Detailed analysis of the registration process for clusters. This shows the interaction of controllers, resources and service accounts during the registration of a new downstream cluster or the local cluster.\nIt's important to note that there are multiple ways to start this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Creating a bootstrap config. Fleet does this for the local agent."),(0,a.kt)("li",{parentName:"ul"},"Creating a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource with a kubeconfig. Rancher does this for downstream clusters. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#manager-initiated"},"manager-initiated registration"),"."),(0,a.kt)("li",{parentName:"ul"},"Create a ",(0,a.kt)("inlineCode",{parentName:"li"},"ClusterRegistrationToken")," resource, optionally create a ",(0,a.kt)("inlineCode",{parentName:"li"},"Cluster")," resource for a pre-defined (",(0,a.kt)("inlineCode",{parentName:"li"},"clientID"),") cluster. See ",(0,a.kt)("a",{parentName:"li",href:"/cluster-registration#agent-initiated"},"agent-initiated registration"),".")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration",src:r(2364).Z,width:"3700",height:"2492"})),(0,a.kt)("h3",{id:"secrets"},"Secrets"),(0,a.kt)("p",null,"This diagram shows the resources created during registration and focuses on the k8s API server configuration."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Registration Secrets",src:r(4408).Z,width:"1581",height:"4162"})))}p.isMDXComponent=!0},2364:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistration-e49565723b02880b6dd7fa0ddc1fdbe2.svg"},4408:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetRegistrationSecrets-deae20b127f82ebcf32a5c593b53b912.svg"}}]); \ No newline at end of file diff --git a/assets/js/847b3bc4.12c61fdf.js b/assets/js/847b3bc4.b01e9f0a.js similarity index 96% rename from assets/js/847b3bc4.12c61fdf.js rename to assets/js/847b3bc4.b01e9f0a.js index eff8c8485..396f61027 100644 --- a/assets/js/847b3bc4.12c61fdf.js +++ b/assets/js/847b3bc4.b01e9f0a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5435],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||a;return n?r.createElement(d,o(o({ref:t},u),{},{components:n})):r.createElement(d,o({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.5/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.5/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.5/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/uninstall.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/857d18b5.36e065c7.js b/assets/js/857d18b5.9e2f9018.js similarity index 99% rename from assets/js/857d18b5.36e065c7.js rename to assets/js/857d18b5.9e2f9018.js index 55dee69b9..f713479c6 100644 --- a/assets/js/857d18b5.36e065c7.js +++ b/assets/js/857d18b5.9e2f9018.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6076],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.6/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.6/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.6/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/troubleshooting.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6076],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.6/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.6/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.6/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/troubleshooting.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.6/ref-gitrepo"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.6/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/87469ac3.d5a34b8c.js b/assets/js/87469ac3.b088fff5.js similarity index 99% rename from assets/js/87469ac3.d5a34b8c.js rename to assets/js/87469ac3.b088fff5.js index fe58cd9ab..fc64ef8e3 100644 --- a/assets/js/87469ac3.d5a34b8c.js +++ b/assets/js/87469ac3.b088fff5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7579],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.7/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.7/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.7/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-crds.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.7/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.7/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"Ignore refers to the fields that will not be considered when monitoring the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"conditions to be ignored"),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7579],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.7/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.7/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.7/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-crds.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.7/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.7/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"Ignore refers to the fields that will not be considered when monitoring the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"conditions to be ignored"),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*v1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/88f3f33f.8374b039.js b/assets/js/88f3f33f.373f8419.js similarity index 97% rename from assets/js/88f3f33f.8374b039.js rename to assets/js/88f3f33f.373f8419.js index 333d4b1be..d3ab8f33f 100644 --- a/assets/js/88f3f33f.8374b039.js +++ b/assets/js/88f3f33f.373f8419.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5940],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.8/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.8/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.8/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-group.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.8/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.8/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5940],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.8/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.8/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.8/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-group.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.8/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.8/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8eb509d6.136c4a74.js b/assets/js/8eb509d6.ed8db67c.js similarity index 96% rename from assets/js/8eb509d6.136c4a74.js rename to assets/js/8eb509d6.ed8db67c.js index 4b44f2028..ccb80a2d4 100644 --- a/assets/js/8eb509d6.136c4a74.js +++ b/assets/js/8eb509d6.ed8db67c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3220],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.6/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3220],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.6/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.6/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.6/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/8ff6a575.5244f4ae.js b/assets/js/8ff6a575.c8248d99.js similarity index 99% rename from assets/js/8ff6a575.5244f4ae.js rename to assets/js/8ff6a575.c8248d99.js index 08dc9333e..dab0e949b 100644 --- a/assets/js/8ff6a575.5244f4ae.js +++ b/assets/js/8ff6a575.c8248d99.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6061],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.7/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.7/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.7/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/tut-deployment.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.7/quickstart"},next:{title:"Uninstall",permalink:"/0.7/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},257:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.7/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.7/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.7/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/tut-deployment.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.7/quickstart"},next:{title:"Uninstall",permalink:"/0.7/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/docs/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[427],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/docs/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/909a121f.2d6bf677.js b/assets/js/909a121f.2017447c.js similarity index 99% rename from assets/js/909a121f.2d6bf677.js rename to assets/js/909a121f.2017447c.js index 0f93978a9..a5a370d7f 100644 --- a/assets/js/909a121f.2d6bf677.js +++ b/assets/js/909a121f.2017447c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2044],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=r,h=c["".concat(s,".").concat(u)]||c[u]||m[u]||l;return n?a.createElement(h,i(i({ref:t},d),{},{components:n})):a.createElement(h,i({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>m,frontMatter:()=>l,metadata:()=>o,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"version-0.7/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.7/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.7/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-content.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.7/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.7/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function m(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.7/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.7/cluster-bundles-state"},"Cluster and Bundle state"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2044],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},d=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=r,h=c["".concat(s,".").concat(u)]||c[u]||m[u]||l;return n?a.createElement(h,i(i({ref:t},d),{},{components:n})):a.createElement(h,i({ref:t},d))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>m,frontMatter:()=>l,metadata:()=>o,toc:()=>p});var a=n(7462),r=(n(7294),n(3905));const l={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"version-0.7/gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.7/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/0.7/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-content.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/0.7/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/0.7/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],d={toc:p};function m(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.7/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.7/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("p",null,"The available fields are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.7/ref-fleet-yaml"},"fleet.yaml reference")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,r.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,r.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,r.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,r.kt)("p",null,"The resources can then be referenced from a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.7/cluster-bundles-state"},"Cluster and Bundle state"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/922074e2.8a31945b.js b/assets/js/922074e2.5c806b33.js similarity index 98% rename from assets/js/922074e2.8a31945b.js rename to assets/js/922074e2.5c806b33.js index d5330d2bb..a78f56193 100644 --- a/assets/js/922074e2.8a31945b.js +++ b/assets/js/922074e2.5c806b33.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2717],{3905:(t,e,n)=>{n.d(e,{Zo:()=>d,kt:()=>s});var r=n(7294);function a(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function l(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function o(t){for(var e=1;e=0||(a[n]=t[n]);return a}(t,e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(t);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(a[n]=t[n])}return a}var p=r.createContext({}),u=function(t){var e=r.useContext(p),n=e;return t&&(n="function"==typeof t?t(e):o(o({},e),t)),n},d=function(t){var e=u(t.components);return r.createElement(p.Provider,{value:e},t.children)},m={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,a=t.mdxType,l=t.originalType,p=t.parentName,d=i(t,["components","mdxType","originalType","parentName"]),c=u(n),s=a,g=c["".concat(p,".").concat(s)]||c[s]||m[s]||l;return n?r.createElement(g,o(o({ref:e},d),{},{components:n})):r.createElement(g,o({ref:e},d))}));function s(t,e){var n=arguments,a=e&&e.mdxType;if("string"==typeof t||a){var l=n.length,o=new Array(l);o[0]=c;var i={};for(var p in e)hasOwnProperty.call(e,p)&&(i[p]=e[p]);i.originalType=t,i.mdxType="string"==typeof t?t:a,o[1]=i;for(var u=2;u{n.r(e),n.d(e,{assets:()=>p,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>u});var r=n(7462),a=(n(7294),n(3905));const l={},o="List of Deployed Resources",i={unversionedId:"ref-resources",id:"version-0.8/ref-resources",title:"List of Deployed Resources",description:"After installing Fleet in Rancher these resources are created in the upstream cluster.",source:"@site/versioned_docs/version-0.8/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.8/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-resources.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.8/ref-configuration"},next:{title:"Custom Resources Spec",permalink:"/0.8/ref-crds"}},p={},u=[],d={toc:u};function m(t){let{components:e,...n}=t;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"list-of-deployed-resources"},"List of Deployed Resources"),(0,a.kt)("p",null,"After installing Fleet in Rancher these resources are created in the upstream cluster."),(0,a.kt)("table",null,(0,a.kt)("thead",{parentName:"table"},(0,a.kt)("tr",{parentName:"thead"},(0,a.kt)("th",{parentName:"tr",align:null},"Type"),(0,a.kt)("th",{parentName:"tr",align:null},"Name"),(0,a.kt)("th",{parentName:"tr",align:null},"Namespace"))),(0,a.kt)("tbody",{parentName:"table"},(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"From Helm, intial setup:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob-binding"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ConfigMap"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Service"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Generated:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterGroup"),(0,a.kt)("td",{parentName:"tr",align:null},"default"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"For each registered cluster:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null},"by default fleet-default")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"generated"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"BundleDeployment"),(0,a.kt)("td",{parentName:"tr",align:null},"cluster-fleet-local-local-ID"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local")))),(0,a.kt)("p",null,"Also see ","[namespaces]"))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2717],{3905:(t,e,n)=>{n.d(e,{Zo:()=>d,kt:()=>s});var r=n(7294);function a(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function l(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function o(t){for(var e=1;e=0||(a[n]=t[n]);return a}(t,e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(t);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(a[n]=t[n])}return a}var p=r.createContext({}),u=function(t){var e=r.useContext(p),n=e;return t&&(n="function"==typeof t?t(e):o(o({},e),t)),n},d=function(t){var e=u(t.components);return r.createElement(p.Provider,{value:e},t.children)},m={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,a=t.mdxType,l=t.originalType,p=t.parentName,d=i(t,["components","mdxType","originalType","parentName"]),c=u(n),s=a,g=c["".concat(p,".").concat(s)]||c[s]||m[s]||l;return n?r.createElement(g,o(o({ref:e},d),{},{components:n})):r.createElement(g,o({ref:e},d))}));function s(t,e){var n=arguments,a=e&&e.mdxType;if("string"==typeof t||a){var l=n.length,o=new Array(l);o[0]=c;var i={};for(var p in e)hasOwnProperty.call(e,p)&&(i[p]=e[p]);i.originalType=t,i.mdxType="string"==typeof t?t:a,o[1]=i;for(var u=2;u{n.r(e),n.d(e,{assets:()=>p,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>u});var r=n(7462),a=(n(7294),n(3905));const l={},o="List of Deployed Resources",i={unversionedId:"ref-resources",id:"version-0.8/ref-resources",title:"List of Deployed Resources",description:"After installing Fleet in Rancher these resources are created in the upstream cluster.",source:"@site/versioned_docs/version-0.8/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.8/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-resources.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.8/ref-configuration"},next:{title:"Custom Resources Spec",permalink:"/0.8/ref-crds"}},p={},u=[],d={toc:u};function m(t){let{components:e,...n}=t;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"list-of-deployed-resources"},"List of Deployed Resources"),(0,a.kt)("p",null,"After installing Fleet in Rancher these resources are created in the upstream cluster."),(0,a.kt)("table",null,(0,a.kt)("thead",{parentName:"table"},(0,a.kt)("tr",{parentName:"thead"},(0,a.kt)("th",{parentName:"tr",align:null},"Type"),(0,a.kt)("th",{parentName:"tr",align:null},"Name"),(0,a.kt)("th",{parentName:"tr",align:null},"Namespace"))),(0,a.kt)("tbody",{parentName:"table"},(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"From Helm, intial setup:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob-binding"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ConfigMap"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Service"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Generated:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterGroup"),(0,a.kt)("td",{parentName:"tr",align:null},"default"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"For each registered cluster:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null},"by default fleet-default")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"generated"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"BundleDeployment"),(0,a.kt)("td",{parentName:"tr",align:null},"cluster-fleet-local-local-ID"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local")))),(0,a.kt)("p",null,"Also see ","[namespaces]"))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9533a6b7.f97f63ac.js b/assets/js/9533a6b7.46042115.js similarity index 98% rename from assets/js/9533a6b7.f97f63ac.js rename to assets/js/9533a6b7.46042115.js index 93f9e0fb4..e919df738 100644 --- a/assets/js/9533a6b7.f97f63ac.js +++ b/assets/js/9533a6b7.46042115.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9353],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.5/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.5/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.5/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-targets.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.5/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.5/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/95a72457.7bbfbc02.js b/assets/js/95a72457.c560a611.js similarity index 98% rename from assets/js/95a72457.7bbfbc02.js rename to assets/js/95a72457.c560a611.js index 1079c413a..6c50c6d9c 100644 --- a/assets/js/95a72457.7bbfbc02.js +++ b/assets/js/95a72457.c560a611.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4126],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-user.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4126],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/docs/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/multi-user.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/963c03f5.4418c6a5.js b/assets/js/963c03f5.9438a1ce.js similarity index 98% rename from assets/js/963c03f5.4418c6a5.js rename to assets/js/963c03f5.9438a1ce.js index 016251de5..f73b11ed4 100644 --- a/assets/js/963c03f5.4418c6a5.js +++ b/assets/js/963c03f5.9438a1ce.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),m=r,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||l;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.7/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.7/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.7/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-configuration.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.7/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.7/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,r.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,r.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,r.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,r.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),m=r,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||l;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.7/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.7/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.7/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-configuration.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.7/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.7/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,r.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,r.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,r.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,r.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/96465f27.86304607.js b/assets/js/96465f27.9930e371.js similarity index 99% rename from assets/js/96465f27.86304607.js rename to assets/js/96465f27.9930e371.js index d1915998a..7245bb404 100644 --- a/assets/js/96465f27.86304607.js +++ b/assets/js/96465f27.9930e371.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7537],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.8/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.8/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.8/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/bundle-diffs.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.8/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.8/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,"In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto."),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7537],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.8/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.8/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.8/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/bundle-diffs.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.8/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.8/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,"In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto."),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/97c3cd43.b9572569.js b/assets/js/97c3cd43.ee11b536.js similarity index 97% rename from assets/js/97c3cd43.b9572569.js rename to assets/js/97c3cd43.ee11b536.js index e4be235b1..925ea0052 100644 --- a/assets/js/97c3cd43.b9572569.js +++ b/assets/js/97c3cd43.ee11b536.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2299],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.7/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.7/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.7/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.7/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2299],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.7/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.7/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.7/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.7/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/97d7d53e.d4b21535.js b/assets/js/97d7d53e.d4b21535.js new file mode 100644 index 000000000..adb980458 --- /dev/null +++ b/assets/js/97d7d53e.d4b21535.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6967],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.9/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.9/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.9/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-cli/fleet_test.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.9/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.9/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/984cdf04.5dcbd17d.js b/assets/js/984cdf04.0a56d350.js similarity index 99% rename from assets/js/984cdf04.5dcbd17d.js rename to assets/js/984cdf04.0a56d350.js index 90d105c6c..acaf264c4 100644 --- a/assets/js/984cdf04.5dcbd17d.js +++ b/assets/js/984cdf04.0a56d350.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1332],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},5083:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.6/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.6/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.6/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/tut-deployment.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.6/quickstart"},next:{title:"Uninstall",permalink:"/0.6/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},5083:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.6/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.6/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.6/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/tut-deployment.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.6/quickstart"},next:{title:"Uninstall",permalink:"/0.6/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.7/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.7/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.7/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/imagescan.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.7/webhook"},next:{title:"Create a Bundle Resource",permalink:"/0.7/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9801],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.7/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.7/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.7/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/imagescan.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.7/webhook"},next:{title:"Create a Bundle Resource",permalink:"/0.7/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9d91368e.d857c116.js b/assets/js/9d91368e.ad4797ca.js similarity index 97% rename from assets/js/9d91368e.d857c116.js rename to assets/js/9d91368e.ad4797ca.js index 5a102693f..0b5ab6543 100644 --- a/assets/js/9d91368e.d857c116.js +++ b/assets/js/9d91368e.ad4797ca.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[501],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.8/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.8/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.8/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/imagescan.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.8/webhook"},next:{title:"Create a Bundle Resource",permalink:"/0.8/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[501],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.8/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.8/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.8/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/imagescan.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.8/webhook"},next:{title:"Create a Bundle Resource",permalink:"/0.8/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9d9f8394.46e62662.js b/assets/js/9d9f8394.5470cbbb.js similarity index 99% rename from assets/js/9d9f8394.46e62662.js rename to assets/js/9d9f8394.5470cbbb.js index 7eec84c25..62de03dad 100644 --- a/assets/js/9d9f8394.46e62662.js +++ b/assets/js/9d9f8394.5470cbbb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9360],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/ref-bundle"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9360],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/docs/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/troubleshooting.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/ref-bundle"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/9db89767.bf1691eb.js b/assets/js/9db89767.1e273152.js similarity index 98% rename from assets/js/9db89767.bf1691eb.js rename to assets/js/9db89767.1e273152.js index 1ef680cac..182fa3208 100644 --- a/assets/js/9db89767.bf1691eb.js +++ b/assets/js/9db89767.1e273152.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9510],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.7/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.7/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.7/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/multi-user.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.7/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.7/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.7/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.7/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9510],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.7/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.7/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.7/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/multi-user.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.7/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.7/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.7/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.7/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/9fc6df8f.f3e00348.js b/assets/js/9fc6df8f.f3e00348.js new file mode 100644 index 000000000..630a2d146 --- /dev/null +++ b/assets/js/9fc6df8f.f3e00348.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5959],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},3504:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"version-0.9/tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/versioned_docs/version-0.9/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/0.9/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/tut-deployment.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/0.9/quickstart"},next:{title:"Uninstall",permalink:"/0.9/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/0.9/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/0.9/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,m=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=l,h=c["".concat(s,".").concat(u)]||c[u]||d[u]||r;return n?a.createElement(h,i(i({ref:t},m),{},{components:n})):a.createElement(h,i({ref:t},m))}));function u(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>o,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-content.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"Excluding files and directories from bundles",id:"excluding-files-and-directories-from-bundles",level:3},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],m={toc:p};function d(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,l.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,l.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,l.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,l.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,l.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,l.kt)("p",null,"Multiple paths can be defined for a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,l.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"File"),(0,l.kt)("th",{parentName:"tr",align:null},"Location"),(0,l.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,l.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"}," *.yaml ")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If a ",(0,l.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,l.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")),(0,l.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,l.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,l.kt)("h3",{id:"excluding-files-and-directories-from-bundles"},"Excluding files and directories from bundles"),(0,l.kt)("p",null,"Fleet supports file and directory exclusion by means of ",(0,l.kt)("inlineCode",{parentName:"p"},".fleetignore")," files, in a similar fashion to how ",(0,l.kt)("inlineCode",{parentName:"p"},".gitignore"),"\nfiles behave in git repositories:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Glob syntax is used to match files or directories, using Golang's\n",(0,l.kt)("a",{parentName:"li",href:"https://pkg.go.dev/path/filepath#Match"},(0,l.kt)("inlineCode",{parentName:"a"},"filepath.Match"))),(0,l.kt)("li",{parentName:"ul"},"Empty lines are skipped, and can therefore be used to improve readability"),(0,l.kt)("li",{parentName:"ul"},"Characters like white spaces and ",(0,l.kt)("inlineCode",{parentName:"li"},"#")," can be escaped with a backslash"),(0,l.kt)("li",{parentName:"ul"},"Trailing spaces are ignored, unless escaped"),(0,l.kt)("li",{parentName:"ul"},"Comments, ie lines starting with unescaped ",(0,l.kt)("inlineCode",{parentName:"li"},"#"),", are skipped"),(0,l.kt)("li",{parentName:"ul"},"A given line can match a file or a directory, even if no separator is provided: eg. ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir/*")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," are both\nvalid ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lines, and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," matches both files and directories called ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")),(0,l.kt)("li",{parentName:"ul"},"A match may be found for a file or directory at any level below the directory where a ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lives, ie\n",(0,l.kt)("inlineCode",{parentName:"li"},"foo.yaml")," will match ",(0,l.kt)("inlineCode",{parentName:"li"},"./foo.yaml")," as well as ",(0,l.kt)("inlineCode",{parentName:"li"},"./path/to/foo.yaml")),(0,l.kt)("li",{parentName:"ul"},"Multiple ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," files are supported. For instance, in the following directory structure, only\n",(0,l.kt)("inlineCode",{parentName:"li"},"root/something.yaml"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"bar/something2.yaml")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"foo/something.yaml")," will end up in a bundle:")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"root/\n\u251c\u2500\u2500 .fleetignore # contains `ignore-always.yaml'\n\u251c\u2500\u2500 something.yaml\n\u251c\u2500\u2500 bar\n\u2502\xa0\xa0 \u251c\u2500\u2500 .fleetignore # contains `something.yaml`\n\u2502\xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n\u2502\xa0\xa0 \u251c\u2500\u2500 something2.yaml\n\u2502\xa0\xa0 \u2514\u2500\u2500 something.yaml\n\u2514\u2500\u2500 foo\n \xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n \xa0\xa0 \u2514\u2500\u2500 something.yaml\n")),(0,l.kt)("p",null,"This currently comes with a few limitations, the following not being supported:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Double asterisks (",(0,l.kt)("inlineCode",{parentName:"li"},"**"),")"),(0,l.kt)("li",{parentName:"ul"},"Explicit inclusions with ",(0,l.kt)("inlineCode",{parentName:"li"},"!"))),(0,l.kt)("h2",{id:"fleetyaml"},(0,l.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,l.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,l.kt)("p",null,"The available fields are documented in the ",(0,l.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},"fleet.yaml reference")),(0,l.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,l.kt)("a",{parentName:"p",href:"/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,l.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,l.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,l.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,l.kt)("p",null,"These examples showcase the style and format for using ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,l.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,l.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,l.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,l.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,l.kt)("p",null,"The resources can then be referenced from a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,l.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,l.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,l.kt)("p",null,"There are three approaches to matching clusters for both ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,l.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: all\n # Match everything\n clusterSelector: {}\n- name: none\n # Selector ignored\n clusterSelector: null\n")),(0,l.kt)("p",null,"When matching a cluster by name, make sure to use the name of the\n",(0,l.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource. The Rancher UI also has a provisioning and\na management cluster resource. Since the management cluster resource is not\nnamespaced, its name is different and contains a random suffix."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: prod\n clusterName: fleetname\n")),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,l.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,l.kt)("p",null,"When using Kustomize or Helm the ",(0,l.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,l.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,l.kt)("p",null,"A file named ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,l.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,l.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3803],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),p=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=p(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,m=o(e,["components","mdxType","originalType","parentName"]),c=p(n),u=l,h=c["".concat(s,".").concat(u)]||c[u]||d[u]||r;return n?a.createElement(h,i(i({ref:t},m),{},{components:n})):a.createElement(h,i({ref:t},m))}));function u(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=c;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>o,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Git Repository Contents",o={unversionedId:"gitrepo-content",id:"gitrepo-content",title:"Git Repository Contents",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/docs/gitrepo-content.md",sourceDirName:".",slug:"/gitrepo-content",permalink:"/gitrepo-content",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-content.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Lifecycle",permalink:"/ref-bundle-stages"},next:{title:"Namespaces",permalink:"/namespaces"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"Excluding files and directories from bundles",id:"excluding-files-and-directories-from-bundles",level:3},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Using Helm Values",id:"using-helm-values",level:2},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle State",id:"cluster-and-bundle-state",level:2}],m={toc:p};function d(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"git-repository-contents"},"Git Repository Contents"),(0,l.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,l.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,l.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,l.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,l.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,l.kt)("p",null,"Multiple paths can be defined for a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,l.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"File"),(0,l.kt)("th",{parentName:"tr",align:null},"Location"),(0,l.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,l.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,l.kt)("a",{parentName:"td",href:"/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"}," *.yaml ")),(0,l.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,l.kt)("td",{parentName:"tr",align:null},"If a ",(0,l.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,l.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,l.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,l.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,l.kt)("inlineCode",{parentName:"td"},"path")),(0,l.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,l.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,l.kt)("h3",{id:"excluding-files-and-directories-from-bundles"},"Excluding files and directories from bundles"),(0,l.kt)("p",null,"Fleet supports file and directory exclusion by means of ",(0,l.kt)("inlineCode",{parentName:"p"},".fleetignore")," files, in a similar fashion to how ",(0,l.kt)("inlineCode",{parentName:"p"},".gitignore"),"\nfiles behave in git repositories:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Glob syntax is used to match files or directories, using Golang's\n",(0,l.kt)("a",{parentName:"li",href:"https://pkg.go.dev/path/filepath#Match"},(0,l.kt)("inlineCode",{parentName:"a"},"filepath.Match"))),(0,l.kt)("li",{parentName:"ul"},"Empty lines are skipped, and can therefore be used to improve readability"),(0,l.kt)("li",{parentName:"ul"},"Characters like white spaces and ",(0,l.kt)("inlineCode",{parentName:"li"},"#")," can be escaped with a backslash"),(0,l.kt)("li",{parentName:"ul"},"Trailing spaces are ignored, unless escaped"),(0,l.kt)("li",{parentName:"ul"},"Comments, ie lines starting with unescaped ",(0,l.kt)("inlineCode",{parentName:"li"},"#"),", are skipped"),(0,l.kt)("li",{parentName:"ul"},"A given line can match a file or a directory, even if no separator is provided: eg. ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir/*")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," are both\nvalid ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lines, and ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")," matches both files and directories called ",(0,l.kt)("inlineCode",{parentName:"li"},"subdir")),(0,l.kt)("li",{parentName:"ul"},"A match may be found for a file or directory at any level below the directory where a ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," lives, ie\n",(0,l.kt)("inlineCode",{parentName:"li"},"foo.yaml")," will match ",(0,l.kt)("inlineCode",{parentName:"li"},"./foo.yaml")," as well as ",(0,l.kt)("inlineCode",{parentName:"li"},"./path/to/foo.yaml")),(0,l.kt)("li",{parentName:"ul"},"Multiple ",(0,l.kt)("inlineCode",{parentName:"li"},".fleetignore")," files are supported. For instance, in the following directory structure, only\n",(0,l.kt)("inlineCode",{parentName:"li"},"root/something.yaml"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"bar/something2.yaml")," and ",(0,l.kt)("inlineCode",{parentName:"li"},"foo/something.yaml")," will end up in a bundle:")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"root/\n\u251c\u2500\u2500 .fleetignore # contains `ignore-always.yaml'\n\u251c\u2500\u2500 something.yaml\n\u251c\u2500\u2500 bar\n\u2502\xa0\xa0 \u251c\u2500\u2500 .fleetignore # contains `something.yaml`\n\u2502\xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n\u2502\xa0\xa0 \u251c\u2500\u2500 something2.yaml\n\u2502\xa0\xa0 \u2514\u2500\u2500 something.yaml\n\u2514\u2500\u2500 foo\n \xa0\xa0 \u251c\u2500\u2500 ignore-always.yaml\n \xa0\xa0 \u2514\u2500\u2500 something.yaml\n")),(0,l.kt)("p",null,"This currently comes with a few limitations, the following not being supported:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"Double asterisks (",(0,l.kt)("inlineCode",{parentName:"li"},"**"),")"),(0,l.kt)("li",{parentName:"ul"},"Explicit inclusions with ",(0,l.kt)("inlineCode",{parentName:"li"},"!"))),(0,l.kt)("h2",{id:"fleetyaml"},(0,l.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,l.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,l.kt)("a",{parentName:"p",href:"/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,l.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,l.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,l.kt)("p",null,"The available fields are documented in the ",(0,l.kt)("a",{parentName:"p",href:"/ref-fleet-yaml"},"fleet.yaml reference")),(0,l.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,l.kt)("a",{parentName:"p",href:"/gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,l.kt)("h2",{id:"using-helm-values"},"Using Helm Values"),(0,l.kt)("p",null,(0,l.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,l.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),". That means ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom")," will take precedence over both, ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFiles")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"values"),"."))),(0,l.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,l.kt)("p",null,"These examples showcase the style and format for using ",(0,l.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in ",(0,l.kt)("em",{parentName:"p"},"downstream clusters"),"."),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,l.kt)("p",null,"Example ",(0,l.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 3\n serviceType: NodePort\n")),(0,l.kt)("p",null,"A secret like that, can be created from a YAML file ",(0,l.kt)("inlineCode",{parentName:"p"},"secretdata.yaml")," by running the following kubectl command: ",(0,l.kt)("inlineCode",{parentName:"p"},"kubectl create secret generic secret-values --from-file=values.yaml=secretdata.yaml")),(0,l.kt)("p",null,"The resources can then be referenced from a ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),":"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'helm:\n chart: simple-chart\n valuesFrom:\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n - configMapKeyRef:\n name: configmap-values\n namespace: default\n key: values.yaml\n values:\n replicas: "4"\n')),(0,l.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,l.kt)("p",null,"The ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,l.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,l.kt)("p",null,"There are three approaches to matching clusters for both ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,l.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,l.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: all\n # Match everything\n clusterSelector: {}\n- name: none\n # Selector ignored\n clusterSelector: null\n")),(0,l.kt)("p",null,"When matching a cluster by name, make sure to use the name of the\n",(0,l.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource. The Rancher UI also has a provisioning and\na management cluster resource. Since the management cluster resource is not\nnamespaced, its name is different and contains a random suffix."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"targetCustomizations:\n- name: prod\n clusterName: fleetname\n")),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"gitrepo-targets#customization-per-cluster"},"Mapping to Downstream Clusters")," for more information and a list of supported customizations."),(0,l.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,l.kt)("p",null,"When using Kustomize or Helm the ",(0,l.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,l.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file will be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,l.kt)("p",null,"A file named ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,l.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents of a file the convention of adding ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,l.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,l.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,l.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,l.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,l.kt)("p",null,"See ",(0,l.kt)("a",{parentName:"p",href:"/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a2c468b1.5865e1b0.js b/assets/js/a2c468b1.2d6ddbd7.js similarity index 99% rename from assets/js/a2c468b1.5865e1b0.js rename to assets/js/a2c468b1.2d6ddbd7.js index e91d5c02f..57eb8471d 100644 --- a/assets/js/a2c468b1.5865e1b0.js +++ b/assets/js/a2c468b1.2d6ddbd7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2361],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.4/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.4/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.4/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/bundle-diffs.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.4/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.4/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/a60f0c4b.5595a33a.js b/assets/js/a60f0c4b.aa049d64.js similarity index 97% rename from assets/js/a60f0c4b.5595a33a.js rename to assets/js/a60f0c4b.aa049d64.js index 6be7c84e8..cf3902557 100644 --- a/assets/js/a60f0c4b.5595a33a.js +++ b/assets/js/a60f0c4b.aa049d64.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1079],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.7/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.7/index.md",sourceDirName:".",slug:"/",permalink:"/0.7/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/index.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.7/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1079],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.7/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.7/index.md",sourceDirName:".",slug:"/",permalink:"/0.7/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/index.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.7/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/a8ca5d11.6f76769c.js b/assets/js/a8ca5d11.4d6b8753.js similarity index 94% rename from assets/js/a8ca5d11.6f76769c.js rename to assets/js/a8ca5d11.4d6b8753.js index 4ecdd4989..d2b0d756c 100644 --- a/assets/js/a8ca5d11.6f76769c.js +++ b/assets/js/a8ca5d11.4d6b8753.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1697],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function l(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):l(l({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,l(l({ref:t},d),{},{components:a})):n.createElement(u,l({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,l=new Array(i);l[0]=m;var o={};for(var p in t)hasOwnProperty.call(t,p)&&(o[p]=t[p]);o.originalType=e,o.mdxType="string"==typeof e?e:r,l[1]=o;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>l,default:()=>c,frontMatter:()=>i,metadata:()=>o,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},l="Create a GitRepo Resource",o={unversionedId:"gitrepo-add",id:"version-0.8/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.8/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.8/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-add.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.8/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.8/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.8/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.8/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.8/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1697],{3905:(e,t,a)=>{a.d(t,{Zo:()=>d,kt:()=>h});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function i(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var p=n.createContext({}),s=function(e){var t=n.useContext(p),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},d=function(e){var t=s(e.components);return n.createElement(p.Provider,{value:t},e.children)},c={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,i=e.originalType,p=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),m=s(a),h=r,u=m["".concat(p,".").concat(h)]||m[h]||c[h]||i;return a?n.createElement(u,o(o({ref:t},d),{},{components:a})):n.createElement(u,o({ref:t},d))}));function h(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=a.length,o=new Array(i);o[0]=m;var l={};for(var p in t)hasOwnProperty.call(t,p)&&(l[p]=t[p]);l.originalType=e,l.mdxType="string"==typeof e?e:r,o[1]=l;for(var s=2;s{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>o,default:()=>c,frontMatter:()=>i,metadata:()=>l,toc:()=>s});var n=a(7462),r=(a(7294),a(3905));const i={},o="Create a GitRepo Resource",l={unversionedId:"gitrepo-add",id:"version-0.8/gitrepo-add",title:"Create a GitRepo Resource",description:"Create GitRepo Instance",source:"@site/versioned_docs/version-0.8/gitrepo-add.md",sourceDirName:".",slug:"/gitrepo-add",permalink:"/0.8/gitrepo-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/gitrepo-add.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Setup Multi User",permalink:"/0.8/multi-user"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.8/gitrepo-targets"}},p={},s=[{value:"Create GitRepo Instance",id:"create-gitrepo-instance",level:2},{value:"Proper Namespace",id:"proper-namespace",level:2},{value:"Adding Private Git Repository",id:"adding-private-git-repository",level:2},{value:"Using HTTP Auth",id:"using-http-auth",level:3},{value:"Using Private Helm Repositories",id:"using-private-helm-repositories",level:2},{value:"Use different helm credentials for each path",id:"use-different-helm-credentials-for-each-path",level:3}],d={toc:s};function c(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},d,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-gitrepo-resource"},"Create a GitRepo Resource"),(0,r.kt)("h2",{id:"create-gitrepo-instance"},"Create GitRepo Instance"),(0,r.kt)("p",null,"Git repositories are registered by creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource in Kubernetes. Refer\nto the ",(0,r.kt)("a",{parentName:"p",href:"/0.8/tut-deployment"},"creating a deployment tutorial")," for examples."),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"Git Repository Contents")," has detail about the content of the Git repository."),(0,r.kt)("p",null,"The available fields of the GitRepo custom resource are documented in the ",(0,r.kt)("a",{parentName:"p",href:"/0.8/ref-gitrepo"},"GitRepo resource reference")),(0,r.kt)("h2",{id:"proper-namespace"},"Proper Namespace"),(0,r.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,r.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,r.kt)("p",null,"If you are using Fleet in a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/concepts"},"single cluster")," style, the namespace will always be ",(0,r.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,r.kt)("p",null,"For a ",(0,r.kt)("a",{parentName:"p",href:"/0.8/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,r.kt)("h2",{id:"adding-private-git-repository"},"Adding Private Git Repository"),(0,r.kt)("p",null,"Fleet supports both http and ssh auth key for private repository. To use this you have to create a secret in the same namespace."),(0,r.kt)("p",null,"For example, to generate a private ssh key"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},'ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"\n')),(0,r.kt)("p",null,"Note: The private key format has to be in ",(0,r.kt)("inlineCode",{parentName:"p"},"EC PRIVATE KEY"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"RSA PRIVATE KEY")," or ",(0,r.kt)("inlineCode",{parentName:"p"},"PRIVATE KEY")," and should not contain a passphase."),(0,r.kt)("p",null,"Put your private key into secret, use the namespace the GitRepo is in:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth\n")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Private key with passphrase is not supported.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"The key has to be in PEM format.")),(0,r.kt)("p",null,"Fleet supports putting ",(0,r.kt)("inlineCode",{parentName:"p"},"known_hosts")," into ssh secret. Here is an example of how to add it:"),(0,r.kt)("p",null,"Fetch the public key hash(take github as an example)"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"ssh-keyscan -H github.com\n")),(0,r.kt)("p",null,"And add it into secret:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-text"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: ssh-key\ntype: kubernetes.io/ssh-auth\nstringData:\n ssh-privatekey: \n known_hosts: |-\n |1|YJr1VZoi6dM0oE+zkM0do3Z04TQ=|7MclCn1fLROZG+BgR4m1r8TLwWc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n")),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"If you don't add it any server's public key will be trusted and added. (",(0,r.kt)("inlineCode",{parentName:"p"},"ssh -o stricthostkeychecking=accept-new")," will be used)")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using openssh format for the private key and you are creating it in the UI, make sure a carriage return is appended in the end of the private key.")),(0,r.kt)("h3",{id:"using-http-auth"},"Using HTTP Auth"),(0,r.kt)("p",null,"Create a secret containing username and password. You can replace the password with a personal access token if necessary. Also see ",(0,r.kt)("a",{parentName:"p",href:"./troubleshooting#http-secrets-in-github"},"HTTP secrets in Github"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic basic-auth-secret -n fleet-default --type=kubernetes.io/basic-auth --from-literal=username=$user --from-literal=password=$pat\n")),(0,r.kt)("p",null,"Just like with SSH, reference the secret in your GitRepo resource via ",(0,r.kt)("inlineCode",{parentName:"p"},"clientSecretName"),"."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"spec:\n repo: https://github.com/fleetrepoci/gitjob-private.git\n branch: main\n clientSecretName: basic-auth-secret\n")),(0,r.kt)("h2",{id:"using-private-helm-repositories"},"Using Private Helm Repositories"),(0,r.kt)("admonition",{type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"The credentials will be used unconditionally for all Helm repositories referenced by the gitrepo resource.\nMake sure you don't leak credentials by mixing public and private repositories. Use ",(0,r.kt)("a",{parentName:"p",href:"#use-different-helm-credentials-for-each-path"},"different helm credentials for each path"),",\nor split them into different gitrepos, or use ",(0,r.kt)("inlineCode",{parentName:"p"},"helmRepoURLRegex")," to limit the scope of credentials to certain servers.")),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret with the following keys:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"username")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"password")," for basic http auth if the Helm HTTP repo is behind basic auth.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"cacerts")," for custom CA bundle if the Helm repo is using a custom CA.")),(0,r.kt)("li",{parentName:"ol"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("inlineCode",{parentName:"p"},"ssh-privatekey")," for ssh private key if repo is using ssh protocol. Private key with passphase is not supported currently."))),(0,r.kt)("p",null,"For example, to add a secret in kubectl, run"),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"kubectl create secret -n $namespace generic helm --from-literal=username=foo --from-literal=password=bar --from-file=cacerts=/path/to/cacerts --from-file=ssh-privatekey=/path/to/privatekey.pem")),(0,r.kt)("p",null,"After secret is created, specify the secret to ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName"),". Make sure secret is created under the same namespace with gitrepo."),(0,r.kt)("h3",{id:"use-different-helm-credentials-for-each-path"},"Use different helm credentials for each path"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretName")," will be ignored if ",(0,r.kt)("inlineCode",{parentName:"p"},"gitRepo.spec.helmSecretNameForPaths")," is provided")),(0,r.kt)("p",null,"Create a file ",(0,r.kt)("inlineCode",{parentName:"p"},"secrets-path.yaml")," that contains credentials for each path defined in a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". Credentials will not be used\nfor paths that are not present in this file.\nThe path is the actual path to the bundle (ie to a folder containing a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file) within the git repository, which might have more segments than the entry under ",(0,r.kt)("inlineCode",{parentName:"p"},"paths:"),"."),(0,r.kt)("p",null,"Example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"path-one: # path path-one must exist in the repository\n username: user\n password: pass\npath-two: # path path-one must exist in the repository\n username: user2\n password: pass2\n caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICBNSUlEblRDQ0FvV2dBd0lCQWdJVUNwMHB2SVJTb2c0eHJKN2Q1SUI2ME1ka0k1WXdEUVlKS29aSWh2Y05BUUVMCiAgICBCUUF3WGpFTE1Ba0dBMVVFQmhNQ1FWVXhFekFSQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NCiAgICBHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2CiAgICBjbWN3SGhjTk1qTXdOREkzTVRVd056VXpXaGNOTWpnd05ESTFNVFV3TnpVeldqQmVNUXN3Q1FZRFZRUUdFd0pCCiAgICBWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwCiAgICBjeUJRZEhrZ1RIUmtNUmN3RlFZRFZRUUREQTV5WVc1amFHVnlMbTE1TG05eVp6Q0NBU0l3RFFZSktvWklodmNOCiAgICBBUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXBvZE5TMDB6NDc1dnVSc2ZZcTFRYTFHQVl3QU92anV4MERKTHY5CiAgICBrZFhwT091dGdjMU8yWUdqNUlCVGQzVmpISmFJYUg3SDR2Rm84RlBaMG9zcU9YaFg3eUM4STdBS3ZhOEE5VmVmCiAgICBJVXp6Vlo1cCs1elNxRjdtZTlOaUNiL0pVSkZLT0ZsTkF4cjZCcXhoMEIyN1VZTlpjaUIvL1V0L0I2eHJuVE55CiAgICBoRzJiNzk4bjg4bFZqY3EzbEE0djFyM3VzWGYxVG5aS2t2UEN4ZnFHYk5OdTlpTjdFZnZHOWoyekdHcWJvcDRYCiAgICBXY3VSa3N3QkgxZlRNS0ZrbGcrR1VsZkZPMGFzL3phalVOdmdweTlpdVBMZUtqZTVWcDBiMlBLd09qUENpV2d4CiAgICBabDJlVDlNRnJjV0F3NTg3emE5NDBlT1Era2pkdmVvUE5sU2k3eVJMMW96YlRka0NBd0VBQWFOVE1GRXdIUVlECiAgICBWUjBPQkJZRUZEQkNkYjE4M1hsU0tWYzBxNmJSTCt0dVNTV3lNQjhHQTFVZEl3UVlNQmFBRkRCQ2RiMTgzWGxTCiAgICBLVmMwcTZiUkwrdHVTU1d5TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCCiAgICBBQ1BCVERkZ0dCVDVDRVoxd1pnQmhKdm9GZTk2MUJqVCtMU2RxSlpsSmNRZnlnS0hyNks5ZmZaY1ZlWlBoMVU0CiAgICB3czBuWGNOZiszZGJlTjl4dVBiY0VqUWlQaFJCcnRzalE1T1JiVHdYWEdBdzlYbDZYTkl6YjN4ZDF6RWFzQXZPCiAgICBJMjM2ZHZXQ1A0dWoycWZqR0FkQjJnaXU2b2xHK01CWHlneUZKMElzRENraldLZysyWEdmU3lyci9KZU1vZlFBCiAgICB1VU9wcFVGdERYd0lrUW1VTGNVVUxWcTdtUVNQb0lzVkNNM2hKNVQzczdUSWtHUDZVcGVSSjgzdU9LbURYMkRHCiAgICBwVWVQVHBuVWVLOVMzUEVKTi9XcmJSSVd3WU1OR29qdDRKWitaK1N6VE1aVkh0SlBzaGpjL1hYOWZNU1ZXQmlzCiAgICBQRW5MU256MDQ4OGFUQm5SUFlnVXFsdz0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=\n sshPrivateKey: ICAgIC0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQogICAgTUlJRFF6Q0NBaXNDRkgxTm5YUWI5SlV6anNBR3FSc3RCYncwRlFpak1BMEdDU3FHU0liM0RRRUJDd1VBTUY0eAogICAgQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbAogICAgY201bGRDQlhhV1JuYVhSeklGQjBlU0JNZEdReEZ6QVZCZ05WQkFNTURuSmhibU5vWlhJdWJYa3ViM0puTUI0WAogICAgRFRJek1EUXlOekUxTVRBMU5Gb1hEVEkwTURReU5qRTFNVEExTkZvd1hqRUxNQWtHQTFVRUJoTUNRVlV4RXpBUgogICAgQmdOVkJBZ01DbE52YldVdFUzUmhkR1V4SVRBZkJnTlZCQW9NR0VsdWRHVnlibVYwSUZkcFpHZHBkSE1nVUhSNQogICAgSUV4MFpERVhNQlVHQTFVRUF3d09jbUZ1WTJobGNpNXRlUzV2Y21jd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQogICAgQTRJQkR3QXdnZ0VLQW9JQkFRRGd6UUJJTW8xQVFHNnFtYmozbFlYUTFnZjhYcURTbjdyM2lGcVZZZldDVWZOSwogICAgaGZwampTRGpOMmRWWEV2UXA3R0t3akFHUElFbXR5RmxyUW5rUGtnTGFSaU9jSDdNN0p2c3ZIa0Ewd0g0dzJ2QgogICAgUEp6aVlINWh2MUE2WS9NcFM5bVkvQUVxVm80TUJkdnNZQzc3MFpCbzVBMitIUEtMd1YzMVZyYlhhTytWeUJtNAogICAgSmJhZHlNUk40N3BKRWdPMjJaYVRXL3Y3S1dKdjNydGJTMlZVSkNlU0piWlpsN09ocHhLRTVocStmK0RWaU1mcQogICAgTWx4ODNEV2pVSlVkV3lqVUZYVlk0bEdVaUtrRWVtSlVuSlVyY1ErOXE1SzVaWmhyRjhoRXhKRjhiZTZjemVzeAogICAga1VWN3dKb1RjWkd2bUhYSk1FNmtrQXh4Mmh3bU8wSFcyQWdDdTJZekFnTUJBQUV3RFFZSktvWklodmNOQVFFTAogICAgQlFBRGdnRUJBS1BpTWdXc1dCTnJvRkY2aWpYL2xMM3FxaWc4TjlkR1VPWDIyRVJDU1RTekNONjM0ZTFkZUhsdQogICAgbTc5OU11Q3hvWSsyZWluNlV1cFMvTEV6cnpvU2dDVWllQzQrT3ZralF5eGJpTFR6bW1OWEFnd09TM3RvTHRGWAogICAgbytmWWpSMU9xcHVPS29kMkhiYjliczRWcXdaNHEvMlVKbXE2Q01pYjZKZUE2VFJvK2Rkc0pUM2dDOFhWL1Z1MAogICAgNnkwdjJxdTM0bm1MYjFxOHFTS1RwZXYyQmwzQUJGY3NyS0JvNHFieUM2bnBTbnpZenNYcS90SlFLclplNE4vMgogICAgUXIzd1dxQ0pDVWUrMWVsT3A2b0JVcXNWSnc3aHk3YzRLc1Fna09ERDJkc2NuNEF1NGJhWlY2QmpySm1USVY0aQogICAgeXJ1dk9oZ2lINklGUVdDWmVQM2s0MU5obWRzRTNHQT0KICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K\n")),(0,r.kt)("p",null,"Create the secret"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"kubectl create secret generic path-auth-secret -n fleet-default --from-file=secrets-path.yaml\n")),(0,r.kt)("p",null,"In the previous example credentials for username ",(0,r.kt)("inlineCode",{parentName:"p"},"user")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-one")," and credentials for username\n",(0,r.kt)("inlineCode",{parentName:"p"},"user2")," will be used for the path ",(0,r.kt)("inlineCode",{parentName:"p"},"path-two"),"."),(0,r.kt)("p",null,(0,r.kt)("inlineCode",{parentName:"p"},"caBundle")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"sshPrivateKey")," must be base64 encoded."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"If you are using ",(0,r.kt)("a",{parentName:"p",href:"https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/back-up-rancher"},'"rancher-backups"')," and want this secret to be included the backup, please add the label ",(0,r.kt)("inlineCode",{parentName:"p"},"resources.cattle.io/backup: true")," to the secret. In that case, make sure to encrypt the backup to protect sensitive credentials."),(0,r.kt)("h1",{parentName:"admonition",id:"troubleshooting"},"Troubleshooting"),(0,r.kt)("p",{parentName:"admonition"},"See Fleet Troubleshooting section ",(0,r.kt)("a",{parentName:"p",href:"/0.8/troubleshooting"},"here"),".")))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a947fe06.7e38c425.js b/assets/js/a947fe06.7e38c425.js new file mode 100644 index 000000000..5cf3c9b1c --- /dev/null +++ b/assets/js/a947fe06.7e38c425.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[373],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},s={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=f(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||s[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>s,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"version-0.9/cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/versioned_docs/version-0.9/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/0.9/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-cli/fleet.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/0.9/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/0.9/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function s(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_cleanup"},"fleet cleanup"),"\t - Clean up outdated cluster registrations"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}s.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/a9e7f6cd.22233c8f.js b/assets/js/a9e7f6cd.333808f6.js similarity index 98% rename from assets/js/a9e7f6cd.22233c8f.js rename to assets/js/a9e7f6cd.333808f6.js index a8b850e12..acd20c2c7 100644 --- a/assets/js/a9e7f6cd.22233c8f.js +++ b/assets/js/a9e7f6cd.333808f6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7169],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,i=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),d=a,m=f["".concat(s,".").concat(d)]||f[d]||p[d]||i;return n?r.createElement(m,l(l({ref:t},u),{},{components:n})):r.createElement(m,l({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=n.length,l=new Array(i);l[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>l,default:()=>p,frontMatter:()=>i,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const i={},l="Installation",o={unversionedId:"installation",id:"version-0.4/installation",title:"Installation",description:"The installation is broken up into two different use cases: Single and",source:"@site/versioned_docs/version-0.4/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.4/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/installation.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Advanced Users",permalink:"/0.4/advanced-users"},next:{title:"Single Cluster Install",permalink:"/0.4/single-cluster-install"}},s={},c=[],u={toc:c};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"installation"},"Installation"),(0,a.kt)("p",null,"The installation is broken up into two different use cases: ",(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single")," and\n",(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-Cluster")," install. The single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,a.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ab0c1f88.f6ab6341.js b/assets/js/ab0c1f88.12ff5c4a.js similarity index 96% rename from assets/js/ab0c1f88.f6ab6341.js rename to assets/js/ab0c1f88.12ff5c4a.js index fb95be036..6c220f9f1 100644 --- a/assets/js/ab0c1f88.f6ab6341.js +++ b/assets/js/ab0c1f88.12ff5c4a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[946],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var c=n.createContext({}),l=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,c=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),d=l(r),m=o,f=d["".concat(c,".").concat(m)]||d[m]||p[m]||s;return r?n.createElement(f,i(i({ref:t},u),{},{components:r})):n.createElement(f,i({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,i=new Array(s);i[0]=d;var a={};for(var c in t)hasOwnProperty.call(t,c)&&(a[c]=t[c]);a.originalType=e,a.mdxType="string"==typeof e?e:o,i[1]=a;for(var l=2;l{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},i="Custom Resources During Deployment",a={unversionedId:"resources-during-deployment",id:"version-0.8/resources-during-deployment",title:"Custom Resources During Deployment",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.8/resources-during-deployment.md",sourceDirName:".",slug:"/resources-during-deployment",permalink:"/0.8/resources-during-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/resources-during-deployment.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.8/namespaces"},next:{title:"Installation Details",permalink:"/0.8/installation"}},c={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources-during-deployment"},"Custom Resources During Deployment"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[946],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var c=n.createContext({}),l=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,c=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),d=l(r),m=o,f=d["".concat(c,".").concat(m)]||d[m]||p[m]||s;return r?n.createElement(f,i(i({ref:t},u),{},{components:r})):n.createElement(f,i({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,i=new Array(s);i[0]=d;var a={};for(var c in t)hasOwnProperty.call(t,c)&&(a[c]=t[c]);a.originalType=e,a.mdxType="string"==typeof e?e:o,i[1]=a;for(var l=2;l{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},i="Custom Resources During Deployment",a={unversionedId:"resources-during-deployment",id:"version-0.8/resources-during-deployment",title:"Custom Resources During Deployment",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.8/resources-during-deployment.md",sourceDirName:".",slug:"/resources-during-deployment",permalink:"/0.8/resources-during-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/resources-during-deployment.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.8/namespaces"},next:{title:"Installation Details",permalink:"/0.8/installation"}},c={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources-during-deployment"},"Custom Resources During Deployment"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/ab68c950.34eb6063.js b/assets/js/ab68c950.34eb6063.js new file mode 100644 index 000000000..f2ca8eb0c --- /dev/null +++ b/assets/js/ab68c950.34eb6063.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4765],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},5399:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.9/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.9/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.9/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/installation.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources During Deployment",permalink:"/0.9/resources-during-deployment"},next:{title:"Register Downstream Clusters",permalink:"/0.9/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.9/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/0.9/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/0.9/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.9/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/0.9/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/aba71817.f4532482.js b/assets/js/aba71817.4b59f33e.js similarity index 50% rename from assets/js/aba71817.f4532482.js rename to assets/js/aba71817.4b59f33e.js index 19048d3a0..55c750293 100644 --- a/assets/js/aba71817.f4532482.js +++ b/assets/js/aba71817.4b59f33e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=l,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||o;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Git Repository Contents",permalink:"/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...o}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,o,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,l.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,l.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,l.kt)("ol",null,(0,l.kt)("li",{parentName:"ol"},"User will create a ",(0,l.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,l.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,l.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,l.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,l.kt)("blockquote",null,(0,l.kt)("p",{parentName:"blockquote"},(0,l.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,l.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,l.kt)("ol",{start:3},(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,l.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,l.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,l.kt)("li",{parentName:"ol"},"The ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,l.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,l.kt)("p",null,(0,l.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8813],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/docs/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-bundle-stages.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/concepts"},next:{title:"Git Repository Contents",permalink:"/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/abf95bb4.aa69cd06.js b/assets/js/abf95bb4.9277d163.js similarity index 97% rename from assets/js/abf95bb4.aa69cd06.js rename to assets/js/abf95bb4.9277d163.js index 8d2159de5..30d03eb6b 100644 --- a/assets/js/abf95bb4.aa69cd06.js +++ b/assets/js/abf95bb4.9277d163.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7767],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.7/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.7/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.7/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-bundles-state.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.7/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7767],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.7/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.7/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.7/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cluster-bundles-state.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.7/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ae2335f3.6ed040ba.js b/assets/js/ae2335f3.bc55c174.js similarity index 99% rename from assets/js/ae2335f3.6ed040ba.js rename to assets/js/ae2335f3.bc55c174.js index e51891b0d..0c57d1634 100644 --- a/assets/js/ae2335f3.6ed040ba.js +++ b/assets/js/ae2335f3.bc55c174.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1049],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(y,(0,a.Z)({},e,t)),r.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},8105:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),r=(n(7294),n(3905)),l=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/docs/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-registration.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/installation"},next:{title:"Create Cluster Groups",permalink:"/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,r.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,r.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe ",(0,r.kt)("a",{parentName:"p",href:"/architecture#security"},"cluster registration token")," is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a ",(0,r.kt)("a",{parentName:"p",href:"/architecture#security"},"cluster registration token"),".\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1049],{5162:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),r=n(6010);const l="tabItem_Ymn6";function i(e){let{children:t,hidden:n,className:i}=e;return a.createElement("div",{role:"tabpanel",className:(0,r.Z)(l,i),hidden:n},t)}},4866:(e,t,n)=>{n.d(t,{Z:()=>N});var a=n(7462),r=n(7294),l=n(6010),i=n(2466),s=n(6550),o=n(1980),u=n(7392),c=n(12);function d(e){return function(e){return r.Children.map(e,(e=>{if((0,r.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:n,attributes:a,default:r}}=e;return{value:t,label:n,attributes:a,default:r}}))}function p(e){const{values:t,children:n}=e;return(0,r.useMemo)((()=>{const e=t??d(n);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,n])}function m(e){let{value:t,tabValues:n}=e;return n.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:n}=e;const a=(0,s.k6)(),l=function(e){let{queryString:t=!1,groupId:n}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!n)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return n??null}({queryString:t,groupId:n});return[(0,o._X)(l),(0,r.useCallback)((e=>{if(!l)return;const t=new URLSearchParams(a.location.search);t.set(l,e),a.replace({...a.location,search:t.toString()})}),[l,a])]}function g(e){const{defaultValue:t,queryString:n=!1,groupId:a}=e,l=p(e),[i,s]=(0,r.useState)((()=>function(e){let{defaultValue:t,tabValues:n}=e;if(0===n.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:n}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${n.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const a=n.find((e=>e.default))??n[0];if(!a)throw new Error("Unexpected error: 0 tabValues");return a.value}({defaultValue:t,tabValues:l}))),[o,u]=h({queryString:n,groupId:a}),[d,g]=function(e){let{groupId:t}=e;const n=function(e){return e?`docusaurus.tab.${e}`:null}(t),[a,l]=(0,c.Nk)(n);return[a,(0,r.useCallback)((e=>{n&&l.set(e)}),[n,l])]}({groupId:a}),k=(()=>{const e=o??d;return m({value:e,tabValues:l})?e:null})();(0,r.useLayoutEffect)((()=>{k&&s(k)}),[k]);return{selectedValue:i,selectValue:(0,r.useCallback)((e=>{if(!m({value:e,tabValues:l}))throw new Error(`Can't select invalid tab value=${e}`);s(e),u(e),g(e)}),[u,g,l]),tabValues:l}}var k=n(2389);const f="tabList__CuJ",b="tabItem_LNqP";function y(e){let{className:t,block:n,selectedValue:s,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,i.o5)(),p=e=>{const t=e.currentTarget,n=c.indexOf(t),a=u[n].value;a!==s&&(d(t),o(a))},m=e=>{var t;let n=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;n=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;n=c[t]??c[c.length-1];break}}null==(t=n)||t.focus()};return r.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,l.Z)("tabs",{"tabs--block":n},t)},u.map((e=>{let{value:t,label:n,attributes:i}=e;return r.createElement("li",(0,a.Z)({role:"tab",tabIndex:s===t?0:-1,"aria-selected":s===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},i,{className:(0,l.Z)("tabs__item",b,null==i?void 0:i.className,{"tabs__item--active":s===t})}),n??t)})))}function v(e){let{lazy:t,children:n,selectedValue:a}=e;if(n=Array.isArray(n)?n:[n],t){const e=n.find((e=>e.props.value===a));return e?(0,r.cloneElement)(e,{className:"margin-top--md"}):null}return r.createElement("div",{className:"margin-top--md"},n.map(((e,t)=>(0,r.cloneElement)(e,{key:t,hidden:e.props.value!==a}))))}function w(e){const t=g(e);return r.createElement("div",{className:(0,l.Z)("tabs-container",f)},r.createElement(y,(0,a.Z)({},e,t)),r.createElement(v,(0,a.Z)({},e,t)))}function N(e){const t=(0,k.Z)();return r.createElement(w,(0,a.Z)({key:String(t)},e))}},6828:(e,t,n)=>{n.d(t,{d:()=>a});const a={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},8105:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>u,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>p});var a=n(7462),r=(n(7294),n(3905)),l=(n(6828),n(814)),i=n(4866),s=n(5162);const o={},u="Register Downstream Clusters",c={unversionedId:"cluster-registration",id:"cluster-registration",title:"Register Downstream Clusters",description:"Overview",source:"@site/docs/cluster-registration.md",sourceDirName:".",slug:"/cluster-registration",permalink:"/cluster-registration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cluster-registration.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation Details",permalink:"/installation"},next:{title:"Create Cluster Groups",permalink:"/cluster-group"}},d={},p=[{value:"Overview",id:"overview",level:2},{value:"Agent-Initiated Registration",id:"agent-initiated-registration",level:3},{value:"Manager-Initiated Registration",id:"manager-initiated-registration",level:3},{value:"Agent Initiated",id:"agent-initiated",level:2},{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:3},{value:"Install Agent For a New Cluster",id:"install-agent-for-a-new-cluster",level:3},{value:"Install Agent For a Predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:3},{value:"Create Cluster Registration Tokens",id:"create-cluster-registration-tokens",level:3},{value:"Token TTL",id:"token-ttl",level:4},{value:"Create a new Token",id:"create-a-new-token",level:4},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:4},{value:"Manager Initiated",id:"manager-initiated",level:2},{value:"Create Kubeconfig Secret",id:"create-kubeconfig-secret",level:3},{value:"Create Cluster Resource",id:"create-cluster-resource",level:3}],m={toc:p};function h(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"register-downstream-clusters"},"Register Downstream Clusters"),(0,r.kt)("h2",{id:"overview"},"Overview"),(0,r.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,r.kt)("strong",{parentName:"p"},"agent-initiated")," and ",(0,r.kt)("strong",{parentName:"p"},"manager-initiated")," registration. Typically one would\ngo with the agent-initiated registration but there are specific use cases in which\nmanager-initiated is a better workflow."),(0,r.kt)("h3",{id:"agent-initiated-registration"},"Agent-Initiated Registration"),(0,r.kt)("p",null,"Agent-initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,r.kt)("h3",{id:"manager-initiated-registration"},"Manager-Initiated Registration"),(0,r.kt)("p",null,"Manager-initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."),(0,r.kt)("h2",{id:"agent-initiated"},"Agent Initiated"),(0,r.kt)("p",null,"A downstream cluster is registered by installing an agent via helm and using the ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,r.kt)("strong",{parentName:"p"},"client ID")," or ",(0,r.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"It's not necessary to configure the fleet manager for ",(0,r.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"multi cluster"),", as the downstream agent we install via Helm will connect to the Kubernetes API of the upstream cluster directly."),(0,r.kt)("p",{parentName:"admonition"},"Agent-initiated registration is normally not used with Rancher.")),(0,r.kt)("h3",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,r.kt)("p",null,"The ",(0,r.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required.\nThe ",(0,r.kt)("a",{parentName:"p",href:"/architecture#security"},"cluster registration token")," is manifested as a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will be passed to the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install")," process.\nAlternatively one can pass the token directly to the helm install command via ",(0,r.kt)("inlineCode",{parentName:"p"},'--set token="$token"'),"."),(0,r.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,r.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,r.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,r.kt)("h3",{id:"install-agent-for-a-new-cluster"},"Install Agent For a New Cluster"),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,r.kt)("p",null,"First, follow the ",(0,r.kt)("a",{parentName:"p",href:"#create-cluster-registration-tokens"},"cluster registration token instructions")," to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,r.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,r.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,r.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,r.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,r.kt)("p",null,"Value in ",(0,r.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,r.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,r.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,r.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,r.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{title:"Kubectl Context",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"install-agent-for-a-predefined-cluster"},"Install Agent For a Predefined Cluster"),(0,r.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,r.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,r.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,r.kt)("p",null,"First, create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,r.kt)("p",null,"Second, follow the ","[cluster registration token instructions]","((#create-cluster-registration-tokens) to obtain the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,r.kt)("p",null,"Third, setup your environment to use the client ID."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,r.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,r.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,r.kt)("p",null,"Add Fleet's Helm repo."),(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,r.kt)("p",null,"Finally, install the agent using Helm."),(0,r.kt)(i.Z,{mdxType:"Tabs"},(0,r.kt)(s.Z,{value:"helm2",label:"Install",default:!0,mdxType:"TabItem"},(0,r.kt)(l.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent fleet/fleet-agent')),(0,r.kt)(s.Z,{value:"validate2",label:"Validate",mdxType:"TabItem"},"You can check that status of the fleet pods by running the below commands.",(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")))),"The agent should now be deployed.",(0,r.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespace"),". Please ensure your ",(0,r.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z\n")),(0,r.kt)("h3",{id:"create-cluster-registration-tokens"},"Create Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager-initiated registration"),":\nFor manager-initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent-initiated registration the downstream cluster must have a ",(0,r.kt)("a",{parentName:"p",href:"/architecture#security"},"cluster registration token"),".\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h4",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h4",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h4",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."),(0,r.kt)("h2",{id:"manager-initiated"},"Manager Initiated"),(0,r.kt)("p",null,"The manager-initiated registration flow is accomplished by creating a\n",(0,r.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet Manager that refers to a Kubernetes\n",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," containing a valid kubeconfig file in the data field called ",(0,r.kt)("inlineCode",{parentName:"p"},"value"),"."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"If you are using Fleet standalone ",(0,r.kt)("em",{parentName:"p"},"without Rancher"),", it must be installed as described in ",(0,r.kt)("a",{parentName:"p",href:"/installation#configuration-for-multi-cluster"},"installation details"),"."),(0,r.kt)("p",{parentName:"admonition"},"The manager-initiated registration is used when you add a cluster from the Rancher dashboard.")),(0,r.kt)("h3",{id:"create-kubeconfig-secret"},"Create Kubeconfig Secret"),(0,r.kt)("p",null,"The format of this secret is intended to match the ",(0,r.kt)("a",{parentName:"p",href:"https://cluster-api.sigs.k8s.io/developer/architecture/controllers/cluster.html#secrets"},"format")," of the kubeconfig\nsecret used in ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),".\nThis means you can use ",(0,r.kt)("inlineCode",{parentName:"p"},"cluster-api")," to create a cluster that is dynamically registered with Fleet."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Kubeconfig Secret Example"',title:'"Kubeconfig',Secret:!0,'Example"':!0},"kind: Secret\napiVersion: v1\nmetadata:\n name: my-cluster-kubeconfig\n namespace: clusters\ndata:\n value: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIHNlcnZlcjogaHR0cHM6Ly9leGFtcGxlLmNvbTo2NDQzCiAgbmFtZTogY2x1c3Rlcgpjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogY2x1c3RlcgogICAgdXNlcjogdXNlcgogIG5hbWU6IGRlZmF1bHQKY3VycmVudC1jb250ZXh0OiBkZWZhdWx0CmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogdXNlcgogIHVzZXI6CiAgICB0b2tlbjogc29tZXRoaW5nCg==\n")),(0,r.kt)("h3",{id:"create-cluster-resource"},"Create Cluster Resource"),(0,r.kt)("p",null,"The cluster resource needs to reference the kubeconfig secret."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="Cluster Resource Example"',title:'"Cluster',Resource:!0,'Example"':!0},'apiVersion: fleet.cattle.io/v1alpha1\nkind: Cluster\nmetadata:\n name: my-cluster\n namespace: clusters\n labels:\n demo: "true"\n env: dev\nspec:\n kubeConfigSecret: my-cluster-kubeconfig\n')))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/aee07340.5c8f1561.js b/assets/js/aee07340.647fe1f7.js similarity index 98% rename from assets/js/aee07340.5c8f1561.js rename to assets/js/aee07340.647fe1f7.js index 37bf85a00..824eefac6 100644 --- a/assets/js/aee07340.5c8f1561.js +++ b/assets/js/aee07340.647fe1f7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4777],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"version-0.7/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.7/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.7/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-targets.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.7/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.7/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4777],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"version-0.7/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/versioned_docs/version-0.7/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.7/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/gitrepo-targets.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/0.7/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.7/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/af10d9fb.b921adb6.js b/assets/js/af10d9fb.221047c7.js similarity index 98% rename from assets/js/af10d9fb.b921adb6.js rename to assets/js/af10d9fb.221047c7.js index 0cafb861f..44310d0f1 100644 --- a/assets/js/af10d9fb.b921adb6.js +++ b/assets/js/af10d9fb.221047c7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>u});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var s=n.createContext({}),c=function(e){var t=n.useContext(s),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(r),u=l,m=d["".concat(s,".").concat(u)]||d[u]||f[u]||o;return r?n.createElement(m,a(a({ref:t},p),{},{components:r})):n.createElement(m,a({ref:t},p))}));function u(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=r.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{r.r(t),r.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var n=r(7462),l=(r(7294),r(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --correct-drift Rollback any change made from outside of Fleet\n --correct-drift-force Use --force when correcting drift. Resources can be deleted and recreated\n --correct-drift-keep-fail-history Keep helm history for failed rollbacks\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n --helm-credentials-by-path-file string Path of file containing helm credentials for paths\n --helm-repo-url-regex string Helm credentials will be used if the helm repo matches this regex. Credentials will always be used if this is empty or not provided\n -h, --help help for apply\n --keep-resources Keep resources created after the GitRepo or Bundle is deleted\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3632],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>u});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var s=n.createContext({}),c=function(e){var t=n.useContext(s),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(r),u=l,m=d["".concat(s,".").concat(u)]||d[u]||f[u]||o;return r?n.createElement(m,a(a({ref:t},p),{},{components:r})):n.createElement(m,a({ref:t},p))}));function u(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=r.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{r.r(t),r.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var n=r(7462),l=(r(7294),r(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/docs/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_apply.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --correct-drift Rollback any change made from outside of Fleet\n --correct-drift-force Use --force when correcting drift. Resources can be deleted and recreated\n --correct-drift-keep-fail-history Keep helm history for failed rollbacks\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n --helm-credentials-by-path-file string Path of file containing helm credentials for paths\n --helm-repo-url-regex string Helm credentials will be used if the helm repo matches this regex. Credentials will always be used if this is empty or not provided\n -h, --help help for apply\n --keep-resources Keep resources created after the GitRepo or Bundle is deleted\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/af48bdba.c350920a.js b/assets/js/af48bdba.2875e1c7.js similarity index 96% rename from assets/js/af48bdba.c350920a.js rename to assets/js/af48bdba.2875e1c7.js index 7df0735fb..c5fb37189 100644 --- a/assets/js/af48bdba.c350920a.js +++ b/assets/js/af48bdba.2875e1c7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[964],{3905:(e,t,n)=>{n.d(t,{Zo:()=>i,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),d=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},i=function(e){var t=d(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,i=o(e,["components","mdxType","originalType","parentName"]),c=d(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},i),{},{components:n})):r.createElement(m,s({ref:t},i))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var d=2;d{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>d});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle state",o={unversionedId:"cluster-bundles-state",id:"version-0.5/cluster-bundles-state",title:"Cluster and Bundle state",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.5/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.5/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-bundles-state.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Image scan",permalink:"/0.5/imagescan"},next:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"}},u={},d=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],i={toc:d};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},i,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/afc4945b.fe7ee9fc.js b/assets/js/afc4945b.fe7ee9fc.js new file mode 100644 index 000000000..1c667fb92 --- /dev/null +++ b/assets/js/afc4945b.fe7ee9fc.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6516],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,o=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||o;return r?n.createElement(m,a(a({ref:t},f),{},{components:r})):n.createElement(m,a({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=r.length,a=new Array(o);a[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>a,default:()=>p,frontMatter:()=>o,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const o={title:"",sidebar_label:"fleet-manager"},a=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.9/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.9/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.9/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.9/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.9/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable local cluster components\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b0423865.a1620667.js b/assets/js/b0423865.a1620667.js new file mode 100644 index 000000000..158e7e6e8 --- /dev/null +++ b/assets/js/b0423865.a1620667.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4939],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.9/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.9/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.9/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/imagescan.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.9/webhook"},next:{title:"Create a Bundle Resource",permalink:"/0.9/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b2456c44.ce6230bd.js b/assets/js/b2456c44.7ac81ca7.js similarity index 99% rename from assets/js/b2456c44.ce6230bd.js rename to assets/js/b2456c44.7ac81ca7.js index dd442e648..b328df6fb 100644 --- a/assets/js/b2456c44.ce6230bd.js +++ b/assets/js/b2456c44.7ac81ca7.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function r(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=o,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||l;return n?a.createElement(f,r(r({ref:t},c),{},{components:n})):a.createElement(f,r({ref:t},c))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,r=new Array(l);r[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>s,toc:()=>u});var a=n(7462),o=(n(7294),n(3905));const l={},r="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/ref-crds"},next:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,o.kt)("p",null,"For more information on how to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents"),"."),(0,o.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,o.kt)("h3",{id:"reference"},"Reference"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# namespaceLabels are labels that will be appended to the namespace created by Fleet.\nnamespaceLabels:\n key: value\n# namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.\nnamespaceAnnotations:\n key: value\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n ### These options control how "fleet apply" downloads the chart\n #\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n\n ### These options only work for helm-type bundles\n #\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n\n ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.\n #\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # Disable DNS resolution in Helm\'s template functions\n disableDNS: false\n # Skip evaluation of the values.schema.json file\n skipSchemaValidation: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. When using Fleet in\n # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # Resources will not be deployed in the matched clusters if doNotDeploy is true.\n doNotDeploy: false\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:\n # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n\n# Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.\noverrideTargets:\n - clusterSelector:\n matchLabels:\n env: dev\n\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1760],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function r(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=o,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||l;return n?a.createElement(f,r(r({ref:t},c),{},{components:n})):a.createElement(f,r({ref:t},c))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,r=new Array(l);r[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>s,toc:()=>u});var a=n(7462),o=(n(7294),n(3905));const l={},r="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/docs/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-fleet-yaml.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/ref-crds"},next:{title:"GitRepo Resource",permalink:"/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,o.kt)("p",null,"For more information on how to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-content"},"Git Repository Contents"),"."),(0,o.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,o.kt)("h3",{id:"reference"},"Reference"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# namespaceLabels are labels that will be appended to the namespace created by Fleet.\nnamespaceLabels:\n key: value\n# namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.\nnamespaceAnnotations:\n key: value\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n ### These options control how "fleet apply" downloads the chart\n #\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n\n ### These options only work for helm-type bundles\n #\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n\n ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.\n #\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # Disable DNS resolution in Helm\'s template functions\n disableDNS: false\n # Skip evaluation of the values.schema.json file\n skipSchemaValidation: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. When using Fleet in\n # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # Resources will not be deployed in the matched clusters if doNotDeploy is true.\n doNotDeploy: false\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:\n # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n\n# Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.\noverrideTargets:\n - clusterSelector:\n matchLabels:\n env: dev\n\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b283d2e2.03880b94.js b/assets/js/b283d2e2.e6765971.js similarity index 98% rename from assets/js/b283d2e2.03880b94.js rename to assets/js/b283d2e2.e6765971.js index 4315f8efb..5c04965dd 100644 --- a/assets/js/b283d2e2.03880b94.js +++ b/assets/js/b283d2e2.e6765971.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5479],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,r=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=o,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||r;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=n.length,l=new Array(r);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>r,metadata:()=>s,toc:()=>u});var a=n(7462),o=(n(7294),n(3905));const r={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.8/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.8/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.8/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-fleet-yaml.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.8/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.8/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,o.kt)("p",null,"For more information on how to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,o.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"Git Repository Contents"),"."),(0,o.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,o.kt)("h3",{id:"reference"},"Reference"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# namespaceLabels are labels that will be appended to the namespace created by Fleet.\nnamespaceLabels:\n key: value\n# namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.\nnamespaceAnnotations:\n key: value\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n ### These options control how "fleet apply" downloads the chart\n #\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n\n ### These options only work for helm-type bundles\n #\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n\n ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.\n #\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. When using Fleet in\n # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # Resources will not be deployed in the matched clusters if doNotDeploy is true.\n doNotDeploy: false\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:\n # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n\n# Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.\noverrideTargets:\n - clusterSelector:\n matchLabels:\n env: dev\n\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5479],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function l(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var i=a.createContext({}),u=function(e){var t=a.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(i.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},p=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,r=e.originalType,i=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),p=u(n),m=o,f=p["".concat(i,".").concat(m)]||p[m]||d[m]||r;return n?a.createElement(f,l(l({ref:t},c),{},{components:n})):a.createElement(f,l({ref:t},c))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var r=n.length,l=new Array(r);l[0]=p;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var u=2;u{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>d,frontMatter:()=>r,metadata:()=>s,toc:()=>u});var a=n(7462),o=(n(7294),n(3905));const r={},l="fleet.yaml",s={unversionedId:"ref-fleet-yaml",id:"version-0.8/ref-fleet-yaml",title:"fleet.yaml",description:"The fleet.yaml file adds options to a bundle. Any directory with a fleet.yaml is automatically turned into bundle.",source:"@site/versioned_docs/version-0.8/ref-fleet-yaml.md",sourceDirName:".",slug:"/ref-fleet-yaml",permalink:"/0.8/ref-fleet-yaml",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-fleet-yaml.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources Spec",permalink:"/0.8/ref-crds"},next:{title:"GitRepo Resource",permalink:"/0.8/ref-gitrepo"}},i={},u=[{value:"Reference",id:"reference",level:3}],c={toc:u};function d(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"fleetyaml"},"fleet.yaml"),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file adds options to a bundle. Any directory with a ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is automatically turned into bundle."),(0,o.kt)("p",null,"For more information on how to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to customize bundles see ",(0,o.kt)("a",{parentName:"p",href:"/0.8/gitrepo-content"},"Git Repository Contents"),"."),(0,o.kt)("p",null,"The content of the fleet.yaml corresponds to the struct at ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/b501b7e7864d37e310dfcdb109c73e5aec4240bb/pkg/bundlereader/read.go#L132-L139"},"pkg/bundlereader/read.go"),", which contains the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),"."),(0,o.kt)("h3",{id:"reference"},"Reference"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\n# namespaceLabels are labels that will be appended to the namespace created by Fleet.\nnamespaceLabels:\n key: value\n# namespaceAnnotations are annotations that will be appended to the namespace created by Fleet.\nnamespaceAnnotations:\n key: value\n\n# Optional map of labels, that are set at the bundle and can be used in a\n# dependsOn.selector\nlabels:\n key: value\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n ### These options control how "fleet apply" downloads the chart\n #\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n\n ### These options only work for helm-type bundles\n #\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n # The variable\'s value will be an empty string if the referenced cluster label does not\n # exist on the targeted cluster\n variableName: global.fleet.clusterLabels.LABELNAME\n # It is possible to specify the keys and values as go template strings for\n # advanced templating needs. Most of the functions from the sprig templating\n # library are available. Note, if the functions output changes with every\n # call, e.g. `uuidv4`, the bundle will get redeployed.\n # The template context has following keys.\n # `.ClusterValues` are retrieved from target cluster\'s `spec.templateValues`\n # `.ClusterLabels` and `.ClusterAnnotations` are the labels and annoations in the cluster resource.\n # `.ClusterName` as the fleet\'s cluster resource name.\n # `.ClusterNamespace` as the namespace in which the cluster resource exists.\n # Note: The fleet.yaml must be valid yaml. Templating uses ${ } as delims,\n # unlike helm which uses {{ }}.\n templatedLabel: "${ .ClusterLabels.LABELNAME }-foo"\n valueFromEnv:\n "${ .ClusterLabels.ENV }": ${ .ClusterValues.someValue | upper | quote }\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets defined in the downstream clusters\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default\n key: values.yaml\n - secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n\n ### These options control how fleet-agent deploys the bundle, they also apply for kustomize- and manifest-style bundles.\n #\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # Makes helm skip the check for its own annotations\n takeOwnership: false\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n # Disable go template pre-processing on the fleet values\n disablePreProcess: false\n # if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready.\n # It will wait for as long as timeoutSeconds\n waitForJobs: true\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector:\n clusterSelector:\n matchLabels:\n env: prod\n\n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. When using Fleet in\n # Rancher, make sure to put the name of the clusters.fleet.cattle.io resource.\n clusterName: dev-cluster\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # Resources will not be deployed in the matched clusters if doNotDeploy is true.\n doNotDeploy: false\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n # Note: Bundle names are limited to 53 characters long. If longer they will be shortened:\n # opni-fleet-examples-fleets-opni-ui-plugin-operator-crd becomes opni-fleet-examples-fleets-opni-ui-plugin-opera-021f7\n - name: one-multi-cluster-hello-world\n # Select bundles to depend on based on their label.\n - selector:\n matchLabels:\n app: weak-monkey\n\n# Ignore fields when monitoring a Bundle. This can be used when Fleet thinks some conditions in Custom Resources\n# makes the Bundle to be in an error state when it shouldn\'t.\nignore:\n # Conditions to be ignored\n conditions:\n # In this example a condition will be ignored if it contains {"type": "Active", "status", "False"}\n - type: Active\n status: "False"\n\n# Override targets defined in the GitRepo. The Bundle will not have any targets from the GitRepo if overrideTargets is provided.\noverrideTargets:\n - clusterSelector:\n matchLabels:\n env: dev\n\n')))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b32c755c.9f35a2cd.js b/assets/js/b32c755c.6c92acdd.js similarity index 99% rename from assets/js/b32c755c.9f35a2cd.js rename to assets/js/b32c755c.6c92acdd.js index 1ad15626f..b261530e8 100644 --- a/assets/js/b32c755c.9f35a2cd.js +++ b/assets/js/b32c755c.6c92acdd.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[859],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs for Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.5/bundle-diffs",title:"Generating Diffs for Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.5/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.5/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/bundle-diffs.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"},next:{title:"Webhook",permalink:"/0.5/webhook"}},l={},p=[{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-for-modified-gitrepos"},"Generating Diffs for Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec. "),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")," "),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and "),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/b60b3bd8.3b97e24a.js b/assets/js/b60b3bd8.b0d16de8.js similarity index 96% rename from assets/js/b60b3bd8.3b97e24a.js rename to assets/js/b60b3bd8.b0d16de8.js index a76c2e5b4..a301a1045 100644 --- a/assets/js/b60b3bd8.3b97e24a.js +++ b/assets/js/b60b3bd8.b0d16de8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4917],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.4/cluster-group",title:"Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.4/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.4/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-group.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"},next:{title:"Namespaces",permalink:"/0.4/namespaces"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-groups"},"Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b7ae13b2.8bf81870.js b/assets/js/b7ae13b2.c3395cfe.js similarity index 96% rename from assets/js/b7ae13b2.8bf81870.js rename to assets/js/b7ae13b2.c3395cfe.js index 3c946039e..c99c8f76e 100644 --- a/assets/js/b7ae13b2.8bf81870.js +++ b/assets/js/b7ae13b2.c3395cfe.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=s(n),d=l,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/tut-deployment"},next:{title:"Architecture",permalink:"/architecture"}},c={},s=[],p={toc:s};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6588],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=s(n),d=l,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/docs/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/uninstall.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/tut-deployment"},next:{title:"Architecture",permalink:"/architecture"}},c={},s=[],p={toc:s};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b8f3160f.d994919e.js b/assets/js/b8f3160f.57fd4e62.js similarity index 99% rename from assets/js/b8f3160f.d994919e.js rename to assets/js/b8f3160f.57fd4e62.js index 90c34d8bb..617f70f69 100644 --- a/assets/js/b8f3160f.d994919e.js +++ b/assets/js/b8f3160f.57fd4e62.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n # Match everything\n - clusterSelector: {}\n # Selector ignored\n - clusterSelector: null\n")),(0,r.kt)("p",null,"You can also match clusters by name:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n - clusterName: fleetname\n")),(0,r.kt)("p",null,"When using Fleet in Rancher, make sure to put the name of the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource."),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8711],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>d});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),d=r,h=c["".concat(s,".").concat(d)]||c[d]||m[d]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function d(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Mapping to Downstream Clusters",i={unversionedId:"gitrepo-targets",id:"gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Fleet in Rancher allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration.",source:"@site/docs/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/gitrepo-targets.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create a GitRepo Resource",permalink:"/gitrepo-add"},next:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"}},s={},p=[{value:"Defining Targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default Target",id:"default-target",level:2},{value:"Customization per Cluster",id:"customization-per-cluster",level:2},{value:"Supported Customizations",id:"supported-customizations",level:3},{value:"Additional Examples",id:"additional-examples",level:2}],u={toc:p};function m(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,r.kt)("p",null,(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style\nIf no targets are specified, i.e. when using a single-cluster, the bundles target the default cluster group.")),(0,r.kt)("p",null,"When deploying ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,r.kt)("h2",{id:"defining-targets"},"Defining Targets"),(0,r.kt)("p",null,"The deployment targets of ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n # A specific cluster by name that will be selected\n clusterName: cluster1\n')),(0,r.kt)("h2",{id:"target-matching"},"Target Matching"),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,r.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n # Match everything\n - clusterSelector: {}\n # Selector ignored\n - clusterSelector: null\n")),(0,r.kt)("p",null,"You can also match clusters by name:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n - clusterName: fleetname\n")),(0,r.kt)("p",null,"When using Fleet in Rancher, make sure to put the name of the ",(0,r.kt)("inlineCode",{parentName:"p"},"clusters.fleet.cattle.io")," resource."),(0,r.kt)("h2",{id:"default-target"},"Default Target"),(0,r.kt)("p",null,"If no target is set for the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,r.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."),(0,r.kt)("h2",{id:"customization-per-cluster"},"Customization per Cluster"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"The ",(0,r.kt)("inlineCode",{parentName:"p"},"targets:")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," resource select clusters to deploy on. The ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations:")," in ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," override Helm values only and do not change targeting.")),(0,r.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters with customization using Fleet, we will use ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml"),"."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,r.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,r.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,r.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Expected behavior:")),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,r.kt)("li",{parentName:"ul"},"After deploying to the ",(0,r.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,r.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,r.kt)("ol",null,(0,r.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,r.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,r.kt)("li",{parentName:"ol"},"Under ",(0,r.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,r.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),":")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"Result:")),(0,r.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,r.kt)("blockquote",null,(0,r.kt)("p",{parentName:"blockquote"},(0,r.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,r.kt)("h3",{id:"supported-customizations"},"Supported Customizations"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"DefaultNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ForceSyncGeneration"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"KeepResources"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"ServiceAccount"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#bundledeploymentoptions"},"TargetNamespace"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Atomic"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Chart"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.DisablePreProcess"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Force"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ReleaseName"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Repo"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TakeOwnership"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.TimeoutSeconds"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.ValuesFrom"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Values"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.Version")),(0,r.kt)("admonition",{parentName:"li",title:"important information",type:"warning"},(0,r.kt)("p",{parentName:"admonition"},"Overriding the version of a Helm chart via target customizations will lead to bundles containing ",(0,r.kt)("em",{parentName:"p"},"all")," versions, ie the\ndefault one and the custom one(s), of the chart, to accommodate all clusters. This in turn means that Fleet will\ndeploy larger bundles."),(0,r.kt)("p",{parentName:"admonition"},"As Fleet stores bundles via etcd, this may cause issues on some clusters where resultant bundle sizes may exceed\netcd's configured maximum blob size. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/issues/1650"},"this issue")," for more details."))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#helmoptions"},"Helm.WaitForJobs"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#kustomizeoptions"},"Kustomize.Dir"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#yamloptions"},"YAML.Overlays"))),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},(0,r.kt)("a",{parentName:"p",href:"/ref-crds#diffoptions"},"Diff.ComparePatches")))),(0,r.kt)("h2",{id:"additional-examples"},"Additional Examples"),(0,r.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/b9a03c38.6e2b5b62.js b/assets/js/b9a03c38.1826b2ee.js similarity index 98% rename from assets/js/b9a03c38.6e2b5b62.js rename to assets/js/b9a03c38.1826b2ee.js index aa94b12dd..08953fc6d 100644 --- a/assets/js/b9a03c38.6e2b5b62.js +++ b/assets/js/b9a03c38.1826b2ee.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4581],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>d});var l=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);t&&(l=l.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,l)}return n}function o(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(l=0;l=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=l.createContext({}),p=function(e){var t=l.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},c=function(e){var t=p(e.components);return l.createElement(s.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return l.createElement(l.Fragment,{},t)}},u=l.forwardRef((function(e,t){var n=e.components,a=e.mdxType,r=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),u=p(n),d=a,h=u["".concat(s,".").concat(d)]||u[d]||m[d]||r;return n?l.createElement(h,o(o({ref:t},c),{},{components:n})):l.createElement(h,o({ref:t},c))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var r=n.length,o=new Array(r);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>m,frontMatter:()=>r,metadata:()=>i,toc:()=>p});var l=n(7462),a=(n(7294),n(3905));const r={},o="Examples",i={unversionedId:"examples",id:"version-0.5/examples",title:"Examples",description:"Lifecycle of a Fleet Bundle",source:"@site/versioned_docs/version-0.5/examples.md",sourceDirName:".",slug:"/examples",permalink:"/0.5/examples",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/examples.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.5/architecture"},next:{title:"Overview",permalink:"/0.5/cluster-overview"}},s={},p=[{value:"Lifecycle of a Fleet Bundle",id:"lifecycle-of-a-fleet-bundle",level:3},{value:"Deploy Kubernetes Manifests Across Clusters with Customization",id:"deploy-kubernetes-manifests-across-clusters-with-customization",level:3},{value:"Additional Examples",id:"additional-examples",level:3}],c={toc:p};function m(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,l.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"examples"},"Examples"),(0,a.kt)("h3",{id:"lifecycle-of-a-fleet-bundle"},"Lifecycle of a Fleet Bundle"),(0,a.kt)("p",null,"To demonstrate the lifecycle of a Fleet bundle, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"User will create a ",(0,a.kt)("a",{parentName:"li",href:"/0.5/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,a.kt)("a",{parentName:"li",href:"/0.5/webhook"},"webhook event"),". With every commit change, the ",(0,a.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,a.kt)("a",{parentName:"li",href:"/0.5/cluster-bundles-state#bundles"},"bundle"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,a.kt)("ol",{start:3},(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,a.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,a.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,a.kt)("li",{parentName:"ol"},"The ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,a.kt)("h3",{id:"deploy-kubernetes-manifests-across-clusters-with-customization"},"Deploy Kubernetes Manifests Across Clusters with Customization"),(0,a.kt)("p",null,(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/"},"Fleet in Rancher")," allows users to manage clusters easily as if they were one cluster. Users can deploy bundles, which can be comprised of deployment manifests or any other Kubernetes resource, across clusters using grouping configuration."),(0,a.kt)("p",null,"To demonstrate how to deploy Kubernetes manifests across different clusters using Fleet, we will use ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/blob/master/multi-cluster/helm/fleet.yaml"},"multi-cluster/helm/fleet.yaml")," as a case study."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Situation:")," User has three clusters with three different labels: ",(0,a.kt)("inlineCode",{parentName:"p"},"env=dev"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"env=test"),", and ",(0,a.kt)("inlineCode",{parentName:"p"},"env=prod"),". User wants to deploy a frontend application with a backend database across these clusters. "),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Expected behavior:")," "),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"dev")," cluster, database replication is not enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"test")," cluster, database replication is enabled."),(0,a.kt)("li",{parentName:"ul"},"After deploying to the ",(0,a.kt)("inlineCode",{parentName:"li"},"prod")," cluster, database replication is enabled and Load balancer services are exposed.")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Advantage of Fleet:")),(0,a.kt)("p",null,"Instead of deploying the app on each cluster, Fleet allows you to deploy across all clusters following these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Deploy gitRepo ",(0,a.kt)("inlineCode",{parentName:"li"},"https://github.com/rancher/fleet-examples.git")," and specify the path ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),"."),(0,a.kt)("li",{parentName:"ol"},"Under ",(0,a.kt)("inlineCode",{parentName:"li"},"multi-cluster/helm"),", a Helm chart will deploy the frontend app service and backend database service."),(0,a.kt)("li",{parentName:"ol"},"The following rule will be defined in ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet.yaml"),": ")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"targetCustomizations:\n- name: dev\n helm:\n values:\n replication: false\n clusterSelector:\n matchLabels:\n env: dev\n\n- name: test\n helm:\n values:\n replicas: 3\n clusterSelector:\n matchLabels:\n env: test\n\n- name: prod\n helm:\n values:\n serviceType: LoadBalancer\n replicas: 3\n clusterSelector:\n matchLabels:\n env: prod\n")),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Result:")),(0,a.kt)("p",null,"Fleet will deploy the Helm chart with your customized ",(0,a.kt)("inlineCode",{parentName:"p"},"values.yaml")," to the different clusters."),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Note:")," Configuration management is not limited to deployments but can be expanded to general configuration management. Fleet is able to apply configuration management through customization among any set of clusters automatically.")),(0,a.kt)("h3",{id:"additional-examples"},"Additional Examples"),(0,a.kt)("p",null,"Examples using raw Kubernetes YAML, Helm charts, Kustomize, and combinations\nof the three are in the ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/"},"Fleet Examples repo"),"."))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/bcd76598.3b29350b.js b/assets/js/bcd76598.3b29350b.js new file mode 100644 index 000000000..17b74b118 --- /dev/null +++ b/assets/js/bcd76598.3b29350b.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6050],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.9/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.9/index.md",sourceDirName:".",slug:"/",permalink:"/0.9/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/index.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.9/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/bd465781.273a7b00.js b/assets/js/bd465781.220a210e.js similarity index 97% rename from assets/js/bd465781.273a7b00.js rename to assets/js/bd465781.220a210e.js index f7422b0f3..5d2630c99 100644 --- a/assets/js/bd465781.273a7b00.js +++ b/assets/js/bd465781.220a210e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},s=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),s=f(n),d=l,m=s["".concat(c,".").concat(d)]||s[d]||u[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=s;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_cleanup"},"fleet cleanup"),"\t - Clean up outdated cluster registrations"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2112],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),f=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=f(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},s=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),s=f(n),d=l,m=s["".concat(c,".").concat(d)]||s[d]||u[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=s;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var f=2;f{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>f});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet",id:"cli/fleet-cli/fleet",title:"",description:"fleet",source:"@site/docs/cli/fleet-cli/fleet.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet",permalink:"/cli/fleet-cli/fleet",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet"},sidebar:"docs",previous:{title:"fleet-agent",permalink:"/cli/fleet-agent/"},next:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"}},c={},f=[{value:"fleet",id:"fleet",level:2},{value:"Options",id:"options",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:f};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet"},"fleet"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -h, --help help for fleet\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_apply"},"fleet apply"),"\t - Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_cleanup"},"fleet cleanup"),"\t - Clean up outdated cluster registrations"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet_test"},"fleet test"),"\t - Match a bundle to a target and render the output")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c1eb0b52.0653eee2.js b/assets/js/c1eb0b52.72d869e3.js similarity index 98% rename from assets/js/c1eb0b52.0653eee2.js rename to assets/js/c1eb0b52.72d869e3.js index 38e3b25dc..1526ecac6 100644 --- a/assets/js/c1eb0b52.0653eee2.js +++ b/assets/js/c1eb0b52.72d869e3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4572],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=c(n),f=r,d=m["".concat(s,".").concat(f)]||m[f]||p[f]||l;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=m;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.6/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.6/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.6/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-configuration.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4572],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},m=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),m=c(n),f=r,d=m["".concat(s,".").concat(f)]||m[f]||p[f]||l;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function f(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,i=new Array(l);i[0]=m;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:r,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},i="Configuration",o={unversionedId:"ref-configuration",id:"version-0.6/ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/versioned_docs/version-0.6/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/0.6/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-configuration.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/0.6/ref-registration"},next:{title:"Custom Resources Spec",permalink:"/0.6/ref-crds"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"configuration"},"Configuration"),(0,r.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,r.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,r.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,r.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,r.kt)("p",null,"The controllers can be started with these environment variables:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,r.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,r.kt)("h2",{id:"configuration-1"},"Configuration"),(0,r.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,r.kt)("p",null,"The config ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent "),(0,r.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller ")),(0,r.kt)("h2",{id:"labels"},"Labels"),(0,r.kt)("p",null,"Labels used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,r.kt)("h2",{id:"annotations"},"Annotations"),(0,r.kt)("p",null,"Annotations used by fleet:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c234ba49.ef43c547.js b/assets/js/c234ba49.ef43c547.js new file mode 100644 index 000000000..21a6b3510 --- /dev/null +++ b/assets/js/c234ba49.ef43c547.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4615],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.9/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.9/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.9/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-bundle-stages.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.9/concepts"},next:{title:"Git Repository Contents",permalink:"/0.9/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.9/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.9/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.9/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/c2bab82f.8a65a80e.js b/assets/js/c2bab82f.5afbe212.js similarity index 99% rename from assets/js/c2bab82f.8a65a80e.js rename to assets/js/c2bab82f.5afbe212.js index 0282d02bd..8666f9522 100644 --- a/assets/js/c2bab82f.8a65a80e.js +++ b/assets/js/c2bab82f.5afbe212.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[824],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const n=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,i]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=u[a].value;n!==i&&(d(t),o(n))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function w(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",k)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return l.createElement(w,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4721:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.6/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.6/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.6/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/installation.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.6/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,l.kt)("wrapper",(0,n.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"installation-details"},"Installation Details"),(0,l.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,l.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,l.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,l.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d["v0.6"].kubernetes," or greater.")),(0,l.kt)("h2",{id:"default-install"},"Default Install"),(0,l.kt)("p",null,"Install the following two Helm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.6"].fleet)),(0,l.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,l.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"register some git repos")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,l.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,l.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,l.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,l.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,l.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("h4",{id:"validate"},"Validate"),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d["v0.6"].fleet)),(0,l.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[824],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var n=a(7294),l=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return n.createElement("div",{role:"tabpanel",className:(0,l.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var n=a(7462),l=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return l.Children.map(e,(e=>{if((0,l.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:n,default:l}}=e;return{value:t,label:a,attributes:n,default:l}}))}function p(e){const{values:t,children:a}=e;return(0,l.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const n=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,l.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(n.location.search);t.set(r,e),n.replace({...n.location,search:t.toString()})}),[r,n])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:n}=e,r=p(e),[s,i]=(0,l.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const n=a.find((e=>e.default))??a[0];if(!n)throw new Error("Unexpected error: 0 tabValues");return n.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:n}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[n,r]=(0,c.Nk)(a);return[n,(0,l.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:n}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,l.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,l.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),n=u[a].value;n!==i&&(d(t),o(n))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return l.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return l.createElement("li",(0,n.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:n}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===n));return e?(0,l.cloneElement)(e,{className:"margin-top--md"}):null}return l.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,l.cloneElement)(e,{key:t,hidden:e.props.value!==n}))))}function w(e){const t=f(e);return l.createElement("div",{className:(0,r.Z)("tabs-container",k)},l.createElement(v,(0,n.Z)({},e,t)),l.createElement(y,(0,n.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return l.createElement(w,(0,n.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>n});const n={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4721:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var n=a(7462),l=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.6/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.6/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.6/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/installation.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.6/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,l.kt)("wrapper",(0,n.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"installation-details"},"Installation Details"),(0,l.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,l.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,l.kt)("p",null,(0,l.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,l.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,l.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,l.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,l.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d["v0.6"].kubernetes," or greater.")),(0,l.kt)("h2",{id:"default-install"},"Default Install"),(0,l.kt)("p",null,"Install the following two Helm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",r.d["v0.6"].fleet)),(0,l.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,l.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"register some git repos")," in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,l.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,l.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,l.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,l.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA. ")),(0,l.kt)("admonition",{type:"info"},(0,l.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,l.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,l.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,l.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,l.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,l.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,l.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,l.kt)("p",null,"Please note that the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,l.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,l.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,l.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,l.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("h4",{id:"validate"},"Validate"),(0,l.kt)("p",null,"First validate the server URL is correct."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,l.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,l.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,l.kt)("p",null,"If you get a valid JSON response or an ",(0,l.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,l.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,l.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,l.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,l.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,l.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,l.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,l.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,l.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,l.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,l.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,l.kt)(i.Z,{mdxType:"Tabs"},(0,l.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First install the Fleet CustomResourcesDefintions.",(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d["v0.6"].fleetCRD),(0,l.kt)("p",null,"Second install the Fleet controllers."),(0,l.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d["v0.6"].fleet)),(0,l.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,l.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,l.kt)("a",{parentName:"p",href:"/0.6/cluster-registration"},"register clusters")," and ",(0,l.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/c377a04b.f0c7c418.js b/assets/js/c377a04b.0a97d2a2.js similarity index 97% rename from assets/js/c377a04b.f0c7c418.js rename to assets/js/c377a04b.0a97d2a2.js index 757a208d2..8669b732c 100644 --- a/assets/js/c377a04b.f0c7c418.js +++ b/assets/js/c377a04b.0a97d2a2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6971],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,f=m["".concat(l,".").concat(d)]||m[d]||p[d]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=m;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"index",title:"Overview",description:"What is Fleet?",source:"@site/docs/index.md",sourceDirName:".",slug:"/",permalink:"/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/index.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/c3dfc33d.6df975ea.js b/assets/js/c3dfc33d.528997e6.js similarity index 97% rename from assets/js/c3dfc33d.6df975ea.js rename to assets/js/c3dfc33d.528997e6.js index 561ae7277..d08e45890 100644 --- a/assets/js/c3dfc33d.6df975ea.js +++ b/assets/js/c3dfc33d.528997e6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2276],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.7/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.7/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet_test.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.7/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2276],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"version-0.7/cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/0.7/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet_test.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/0.7/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager"}},s={},c=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c67695e7.d5cab442.js b/assets/js/c67695e7.bf9a42e4.js similarity index 73% rename from assets/js/c67695e7.d5cab442.js rename to assets/js/c67695e7.bf9a42e4.js index 3e2df4fe8..70d3b4852 100644 --- a/assets/js/c67695e7.d5cab442.js +++ b/assets/js/c67695e7.bf9a42e4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function c(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):c(c({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),d=l(r),m=o,f=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return r?n.createElement(f,c(c({ref:t},u),{},{components:r})):n.createElement(f,c({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,c=new Array(s);c[0]=d;var a={};for(var i in t)hasOwnProperty.call(t,i)&&(a[i]=t[i]);a.originalType=e,a.mdxType="string"==typeof e?e:o,c[1]=a;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>c,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},c="Custom Resources During Deployment",a={unversionedId:"resources-during-deployment",id:"resources-during-deployment",title:"Custom Resources During Deployment",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/resources-during-deployment.md",sourceDirName:".",slug:"/resources-during-deployment",permalink:"/resources-during-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/resources-during-deployment.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Installation Details",permalink:"/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources-during-deployment"},"Custom Resources During Deployment"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8252],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var i=n.createContext({}),l=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,i=e.parentName,u=c(e,["components","mdxType","originalType","parentName"]),d=l(r),m=o,f=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return r?n.createElement(f,a(a({ref:t},u),{},{components:r})):n.createElement(f,a({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,a=new Array(s);a[0]=d;var c={};for(var i in t)hasOwnProperty.call(t,i)&&(c[i]=t[i]);c.originalType=e,c.mdxType="string"==typeof e?e:o,a[1]=c;for(var l=2;l{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>c,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},a="Custom Resources During Deployment",c={unversionedId:"resources-during-deployment",id:"resources-during-deployment",title:"Custom Resources During Deployment",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/docs/resources-during-deployment.md",sourceDirName:".",slug:"/resources-during-deployment",permalink:"/resources-during-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/resources-during-deployment.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/namespaces"},next:{title:"Installation Details",permalink:"/installation"}},i={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources-during-deployment"},"Custom Resources During Deployment"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/c6aa770e.d7636b0b.js b/assets/js/c6aa770e.218ee5ae.js similarity index 98% rename from assets/js/c6aa770e.d7636b0b.js rename to assets/js/c6aa770e.218ee5ae.js index 8b6890bd3..38c2f9201 100644 --- a/assets/js/c6aa770e.d7636b0b.js +++ b/assets/js/c6aa770e.218ee5ae.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[844],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.6/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.6/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.6/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/concepts.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.6/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[844],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.6/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.6/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.6/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/concepts.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.6/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.6/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.6/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.6/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/c7381d34.454124c5.js b/assets/js/c7381d34.769d6b9e.js similarity index 99% rename from assets/js/c7381d34.454124c5.js rename to assets/js/c7381d34.769d6b9e.js index 2c6dde994..bb551d08f 100644 --- a/assets/js/c7381d34.454124c5.js +++ b/assets/js/c7381d34.769d6b9e.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens)."),(0,r.kt)("p",null,"For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling."),(0,r.kt)("p",null,"Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7544],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).",source:"@site/docs/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/webhook.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens)."),(0,r.kt)("p",null,"For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling."),(0,r.kt)("p",null,"Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/c916adcd.a7125a80.js b/assets/js/c916adcd.1c56eb73.js similarity index 98% rename from assets/js/c916adcd.a7125a80.js rename to assets/js/c916adcd.1c56eb73.js index 62f7dfe3f..e7cb9f36f 100644 --- a/assets/js/c916adcd.a7125a80.js +++ b/assets/js/c916adcd.1c56eb73.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7155],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1079:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.7/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.7/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.7/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/quickstart.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.7/"},next:{title:"Creating a Deployment",permalink:"/0.7/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7155],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1079:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.7/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.7/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.7/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/quickstart.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.7/"},next:{title:"Creating a Deployment",permalink:"/0.7/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/cd0bf424.e58b70f9.js b/assets/js/cd0bf424.21be499d.js similarity index 97% rename from assets/js/cd0bf424.e58b70f9.js rename to assets/js/cd0bf424.21be499d.js index 1dab801f3..1b183e508 100644 --- a/assets/js/cd0bf424.e58b70f9.js +++ b/assets/js/cd0bf424.21be499d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[208],{3905:(e,t,l)=>{l.d(t,{Zo:()=>u,kt:()=>m});var n=l(7294);function r(e,t,l){return t in e?Object.defineProperty(e,t,{value:l,enumerable:!0,configurable:!0,writable:!0}):e[t]=l,e}function s(e,t){var l=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),l.push.apply(l,n)}return l}function a(e){for(var t=1;t=0||(r[l]=e[l]);return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,l)&&(r[l]=e[l])}return r}var i=n.createContext({}),c=function(e){var t=n.useContext(i),l=t;return e&&(l="function"==typeof e?e(t):a(a({},t),e)),l},u=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var l=e.components,r=e.mdxType,s=e.originalType,i=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),d=c(l),m=r,h=d["".concat(i,".").concat(m)]||d[m]||p[m]||s;return l?n.createElement(h,a(a({ref:t},u),{},{components:l})):n.createElement(h,a({ref:t},u))}));function m(e,t){var l=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var s=l.length,a=new Array(s);a[0]=d;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:r,a[1]=o;for(var c=2;c{l.r(t),l.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>p,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var n=l(7462),r=(l(7294),l(3905));const s={},a="Single Cluster Install",o={unversionedId:"single-cluster-install",id:"version-0.4/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.4/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.4/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/single-cluster-install.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.4/installation"},next:{title:"Multi-cluster Install",permalink:"/0.4/multi-cluster-install"}},i={},c=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],u={toc:c};function p(e){let{components:t,...s}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,r.kt)("p",null,(0,r.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,r.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,r.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,r.kt)("h3",{id:"helm-3"},"Helm 3"),(0,r.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,r.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,r.kt)("p",null,"macOS"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,r.kt)("p",null,"Windows"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,r.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,r.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,r.kt)("h2",{id:"install"},"Install"),(0,r.kt)("p",null,"Install the following two Helm charts."),(0,r.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-crd-0.4.1.tgz\n")),(0,r.kt)("p",null,"Second install the Fleet controllers."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-0.4.1.tgz\n")),(0,r.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,r.kt)("p",null,"You can now ",(0,r.kt)("a",{parentName:"p",href:"/0.4/gitrepo-add"},"register some git repos")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>n});const n=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/cd323ffc.6acfaec3.js b/assets/js/cd323ffc.c1c081ba.js similarity index 98% rename from assets/js/cd323ffc.6acfaec3.js rename to assets/js/cd323ffc.c1c081ba.js index c7d6ad961..4a8042d22 100644 --- a/assets/js/cd323ffc.6acfaec3.js +++ b/assets/js/cd323ffc.c1c081ba.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"},next:{title:"Create a Bundle Resource",permalink:"/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1910],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/docs/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/imagescan.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"},next:{title:"Create a Bundle Resource",permalink:"/bundle-add"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order\n- policy:\n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver:\n range: "*"\n # can use ascending or descending order\n alphabetical:\n order: asc\n\n # specify images to scan\n image: "your.registry.com/repo/image"\n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret\n\n # Specify the scan interval\n interval: 5m\n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples\n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m\n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret\n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ce48e831.a7e19849.js b/assets/js/ce48e831.4f4e45b2.js similarity index 98% rename from assets/js/ce48e831.a7e19849.js rename to assets/js/ce48e831.4f4e45b2.js index 1af5d62a0..8bcbfc228 100644 --- a/assets/js/ce48e831.a7e19849.js +++ b/assets/js/ce48e831.4f4e45b2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3859],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.7/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.7/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.7/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/concepts.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.7/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.7/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.7/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.7/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3859],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.7/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.7/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.7/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/concepts.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.7/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.7/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.7/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.7/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ce534227.b1607e30.js b/assets/js/ce534227.63d8a217.js similarity index 97% rename from assets/js/ce534227.b1607e30.js rename to assets/js/ce534227.63d8a217.js index 59ed7d473..e855205d7 100644 --- a/assets/js/ce534227.b1607e30.js +++ b/assets/js/ce534227.63d8a217.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6342],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,h=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(h,s(s({ref:t},p),{},{components:n})):r.createElement(h,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.6/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.6/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.6/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-gitrepo.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/0.6/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6342],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,h=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(h,s(s({ref:t},p),{},{components:n})):r.createElement(h,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"version-0.6/ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/versioned_docs/version-0.6/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/0.6/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-gitrepo.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"},next:{title:"Troubleshooting",permalink:"/0.6/troubleshooting"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/0.6/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n # \n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression. \n # Credentials will always be used if it is empty or not provided\n # \n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/cf6f5f9b.ca6afa57.js b/assets/js/cf6f5f9b.b8a6fdc4.js similarity index 98% rename from assets/js/cf6f5f9b.ca6afa57.js rename to assets/js/cf6f5f9b.b8a6fdc4.js index ba885f379..afacb4261 100644 --- a/assets/js/cf6f5f9b.ca6afa57.js +++ b/assets/js/cf6f5f9b.b8a6fdc4.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9863],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.7/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.7/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.7/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/architecture.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.7/uninstall"},next:{title:"Core Concepts",permalink:"/0.7/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9863],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.7/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.7/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.7/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/architecture.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.7/uninstall"},next:{title:"Core Concepts",permalink:"/0.7/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/d0180ce2.4e89d86a.js b/assets/js/d0180ce2.4e89d86a.js new file mode 100644 index 000000000..c65a11f75 --- /dev/null +++ b/assets/js/d0180ce2.4e89d86a.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9532],{3905:(t,e,a)=>{a.d(e,{Zo:()=>s,kt:()=>k});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var p=n.createContext({}),m=function(t){var e=n.useContext(p),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},s=function(t){var e=m(t.components);return n.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},o=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,p=t.parentName,s=u(t,["components","mdxType","originalType","parentName"]),o=m(a),k=l,N=o["".concat(p,".").concat(k)]||o[k]||d[k]||r;return a?n.createElement(N,i(i({ref:e},s),{},{components:a})):n.createElement(N,i({ref:e},s))}));function k(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=o;var u={};for(var p in e)hasOwnProperty.call(e,p)&&(u[p]=e[p]);u.originalType=t,u.mdxType="string"==typeof t?t:l,i[1]=u;for(var m=2;m{a.r(e),a.d(e,{assets:()=>p,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>u,toc:()=>m});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",u={unversionedId:"ref-crds",id:"version-0.9/ref-crds",title:"Custom Resources Spec",description:"* Bundle",source:"@site/versioned_docs/version-0.9/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.9/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-crds.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"List of Deployed Resources",permalink:"/0.9/ref-resources"},next:{title:"fleet.yaml",permalink:"/0.9/ref-fleet-yaml"}},p={},m=[{value:"Bundle",id:"bundle",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentResource",id:"bundledeploymentresource",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"Content",id:"content",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"CorrectDrift",id:"correctdrift",level:4},{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4}],s={toc:m};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},s,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy"))),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("p",null,"Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\\n\\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("p",null,"BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is a summary state for the bundle, calculated over the non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching bundle's labels."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("p",null,"BundleResource represents the content of a single resource from the bundle, like a YAML manifest."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource, can include the bundle's internal path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"The content of the resource, can be compressed."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null},'Encoding is either empty or \\"base64+gz\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions is an allow list, which controls if a bundledeployment is created for a target."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null},"NewlyCreated is the number of bundle deployments that have been created, not updated."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"UnavailablePartitions is the number of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable deployments. See rollout configuration."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"PartitionStatus lists the status of each partition."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc.."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("p",null,"BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of bundle deployments that have been deployed where some resources are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"ErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"OutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of bundle deployments that have been deployed where all resources are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null},"Pending is the number of bundle deployments that are being processed by Fleet controller."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of bundle deployments that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of states, which is filled for a bundle that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("p",null,"BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},'Name of target. This value is largely for display and logging. If not specified a default name of the format \\"target000\\" will be used'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName to match a specific cluster by name that will be selected"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup to match a specific cluster group by name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a selector to match cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"doNotDeploy"),(0,l.kt)("td",{parentName:"tr",align:null},"DoNotDeploy if set to true, will not deploy to this target."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("p",null,"BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("p",null,'NonReadyResource contains information about a bundle that is not ready for a given state like \\"ErrApplied\\". It contains a list of non-ready or modified resources and their states.'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, like e.g. \\"NotReady\\" or \\"ErrApplied\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains information why the bundle is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"ModifiedStatus lists the state for each modified resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyStatus lists the state for each non-ready resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("p",null,"Partition defines a separate rollout strategy for a set of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"A user-friendly name given to the partition used for Display (optional)."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"A cluster group name to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster group labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("p",null,"PartitionStatus is the status of a single rollout partition."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null},"Count is the number of clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary state for the partition, calculated over its non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("p",null,"ResourceKey lists resources, which will likely be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s api kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the k8s api version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("p",null,"RolloverStrategy controls the rollout of the bundle across clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("p",null,"BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"IgnoreOptions can be used to ignore fields when monitoring the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceLabels are labels that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceAnnotations"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceAnnotations are annotations that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentresource"},"BundleDeploymentResource"),(0,l.kt)("p",null,"BundleDeploymentResource contains the metadata of a deployed resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"createdAt"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedOptions are the deployment options, that are staged for the next deployment."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedDeploymentID is the ID of the staged deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null},"Options are the deployment options, that are currently applied."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"DeploymentID is the ID of the currently applied deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources lists the metadata of resources that were deployed according to the helm release history."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("p",null,"ComparePatch matches a resource and removes fields from the check for modifications."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the kind of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the apiVersion of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null},"Operations remove a JSON path from the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null},"JSONPointers ignore diffs at a certain JSON path."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null},"ComparePatches match a resource and remove fields from the check for modifications."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("p",null,"HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disableDNS"),(0,l.kt)("td",{parentName:"tr",align:null},"DisableDNS can be used to customize Helm's EnableDNS option, which Fleet sets to ",(0,l.kt)("inlineCode",{parentName:"td"},"true")," by default."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"skipSchemaValidation"),(0,l.kt)("td",{parentName:"tr",align:null},"SkipSchemaValidation allows skipping schema validation against the chart values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("p",null,"IgnoreOptions defines conditions to be ignored when monitoring the Bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions to be ignored when monitoring the Bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("p",null,"KustomizeOptions for a deployment."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null},"Dir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of a resource in the same namespace as the referent."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("p",null,"ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("p",null,"NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("p",null,'Operation of a ComparePatch, usually \\"remove\\".'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null},'Op is usually \\"remove\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null},"Path is the JSON path to remove."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null},"Value is usually empty."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("p",null,"YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null},'Overlays is a list of names that maps to folders in \\"overlays/\\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("p",null,"BundleNamespaceMapping maps bundles to clusters in other namespaces."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSeen is the last time the agent checked in to update the status of the cluster resource."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the namespace of the agent deployment, e.g. \\"cattle-fleet-system\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNodes is the number of nodes that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes is the number of nodes that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes contains the names of ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("p",null,"Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyNodes is a string in the form \\"%d/%d\\", that describes the number of nodes that are ready vs. the number of expected nodes.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null},"SampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State of the cluster, either one of the bundle states, or \\"WaitCheckIn\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster. It can optionally contain a APIServerURL and CA to override the values in the fleet-controller's configmap."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecretNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecretNamespace is the namespace of the secret containing the kubeconfig for the downstream cluster. If unset, it will be assumed the secret can be found in the namespace that the Cluster object resides within."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts is an aggregate over the GitRepoResourceCounts."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyGitRepos is the number of gitrepos for this cluster that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVarsHash is a hash of the agent's env vars, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentPrivateRepoURL is the private repo URL for the agent that is currently used."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentDeployedGeneration is the generation of the agent that is currently deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"CattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResourcesHash is a hash of the agent's resources configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentConfigChanged"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerURL"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerCAHash"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerCAHash is a hash of the upstream API server CA, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready bundles, nodes and a summary state."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentStatus contains information about the agent."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("p",null,"ClusterGroup is a re-usable selector to target a group of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is a summary state for the cluster group, showing \\"NotReady\\" if there are non-ready resources.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector is a label selector, used to select clusters for this group."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterCount is the number of clusters in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusterCount is the number of clusters that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of cluster names that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions and their statuses for the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundle deployments and their resources in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("p",null,"ClusterRegistration is used internally by Fleet and should not be used directly."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterLabels are copied to the cluster resource during the registration."),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is only set after the registration is being processed by fleet-controller."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null},"Granted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("p",null,"ClusterRegistrationToken is used by agents to register a new cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null},"TTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null},"Expires is the time when the token expires."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretName is the name of the secret containing the token."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("p",null,"Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"Content is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"correctdrift"},"CorrectDrift"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"enabled"),(0,l.kt)("td",{parentName:"tr",align:null},"Enabled correct drift if true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force helm rollback with --force option will be used if true. This will try to recreate all resources in the release."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepFailHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepFailHistory keeps track of failed rollbacks in the helm history."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("p",null,"GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundleDeployments is a string in the form \\"%d/%d\\", that describes the number of ready bundledeployments over the total number of bundledeployments.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the GitRepo, e.g. \\"GitUpdating\\" or the maximal BundleState according to StateRank.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains the relevant message from the deployment conditions."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if a message is present."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("p",null,"GitRepoResource contains metadata about the resources of a bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the API version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null},'Type is the type of the resource, e.g. \\"apiextensions.k8s.io.customresourcedefinition\\" or \\"configmap\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null},'ID is the name of the resource, e.g. \\"namespace1/my-config\\" or \\"backingimagemanagers.storage.io\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null},"IncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, e.g. \\"Unknown\\", \\"WaitApplied\\", \\"ErrApplied\\" or \\"Ready\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if any Error in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if any Transitioning in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message is the first message from the PerClusterStates."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null},"PerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("p",null,"GitRepoResourceCounts contains the number of resources in each state."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of resources that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of resources that are waiting to be applied."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of resources that have been modified."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null},"Orphaned is the number of orphaned resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null},"Missing is the number of missing resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null},"Unknown is the number of resources in an unknown state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of not ready resources. Resources are not ready if they do not match any other state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for a private Helm repository."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretNameForPaths"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretNameForPaths contains the auth secret for private Helm repository for each path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of targets this repo will deploy to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when a new image is scanned and written back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit is the Git commit hash from the last gitjob run."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyClusters\\tis the number of clusters that should be ready for bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null},'GitJobStatus is the status of the last GitJob run, e.g. \\"Current\\" if there was no error.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains a human readable summary of the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains metadata about the resources of each bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceErrors is a sorted list of errors from the resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSyncedImageScanTime is the time of the last image scan."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("p",null,"GitTarget is a cluster or cluster group to deploy to."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of this target."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a label selector to select clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup is the name of a cluster group in the same namespace as the clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a label selector to select cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("p",null,"ResourcePerClusterState is generated for each non-ready resource of the bundles."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is the state of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if the resource is in an error state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message combines the messages from the bundle's summary. Messages are joined with the delimiter ';'."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null},"Patch for modified resources."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterID is the id of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("p",null,"GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultServiceAccount overrides the GitRepo's default service account."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultClientSecretName overrides the GitRepo's default client secret."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d277059e.ec478cd9.js b/assets/js/d277059e.fcf4ab98.js similarity index 97% rename from assets/js/d277059e.ec478cd9.js rename to assets/js/d277059e.fcf4ab98.js index 642679e24..010899b85 100644 --- a/assets/js/d277059e.ec478cd9.js +++ b/assets/js/d277059e.fcf4ab98.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2491],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.7/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.7/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.7/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.7/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2491],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.7/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.7/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.7/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.7/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d3d84dd8.21642056.js b/assets/js/d3d84dd8.1003b5aa.js similarity index 96% rename from assets/js/d3d84dd8.21642056.js rename to assets/js/d3d84dd8.1003b5aa.js index d5495125b..37bc51f72 100644 --- a/assets/js/d3d84dd8.21642056.js +++ b/assets/js/d3d84dd8.1003b5aa.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1898],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.8/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.8/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.8/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.8/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1898],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.8/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.8/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.8/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.8/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d3d9887a.c9192881.js b/assets/js/d3d9887a.eb8783ea.js similarity index 99% rename from assets/js/d3d9887a.c9192881.js rename to assets/js/d3d9887a.eb8783ea.js index 1b6ce60fd..bdb1481d7 100644 --- a/assets/js/d3d9887a.c9192881.js +++ b/assets/js/d3d9887a.eb8783ea.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3714],{3905:(e,t,a)=>{a.d(t,{Zo:()=>u,kt:()=>m});var n=a(7294);function r(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function o(e){for(var t=1;t=0||(r[a]=e[a]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(r[a]=e[a])}return r}var s=n.createContext({}),p=function(e){var t=n.useContext(s),a=t;return e&&(a="function"==typeof e?e(t):o(o({},t),e)),a},u=function(e){var t=p(e.components);return n.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},c=n.forwardRef((function(e,t){var a=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),c=p(a),m=r,h=c["".concat(s,".").concat(m)]||c[m]||d[m]||l;return a?n.createElement(h,o(o({ref:t},u),{},{components:a})):n.createElement(h,o({ref:t},u))}));function m(e,t){var a=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=a.length,o=new Array(l);o[0]=c;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),r=(a(7294),a(3905));const l={},o="Expected Repo Structure",i={unversionedId:"gitrepo-structure",id:"version-0.5/gitrepo-structure",title:"Expected Repo Structure",description:"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a fleet.yaml is found.",source:"@site/versioned_docs/version-0.5/gitrepo-structure.md",sourceDirName:".",slug:"/gitrepo-structure",permalink:"/0.5/gitrepo-structure",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/gitrepo-structure.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"},next:{title:"Mapping to Downstream Clusters",permalink:"/0.5/gitrepo-targets"}},s={},p=[{value:"How repos are scanned",id:"how-repos-are-scanned",level:2},{value:"fleet.yaml",id:"fleetyaml",level:2},{value:"Reference",id:"reference",level:3},{value:"Private Helm Repositories",id:"private-helm-repositories",level:3},{value:"Using ValuesFrom",id:"using-valuesfrom",level:3},{value:"Per Cluster Customization",id:"per-cluster-customization",level:2},{value:"Raw YAML Resource Customization",id:"raw-yaml-resource-customization",level:2},{value:"Cluster and Bundle state",id:"cluster-and-bundle-state",level:2}],u={toc:p};function d(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"expected-repo-structure"},"Expected Repo Structure"),(0,r.kt)("p",null,"Fleet will create bundles from a git repository. This happens either explicitly by specifying paths, or when a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is found."),(0,r.kt)("p",null,"Each bundle is created from paths in a GitRepo and modified further by reading the discovered ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file.\nBundle lifecycles are tracked between releases by the helm releaseName field added to each bundle. If the releaseName is not\nspecified within fleet.yaml it is generated from ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo.name + path"),". Long names are truncated and a ",(0,r.kt)("inlineCode",{parentName:"p"},"-")," prefix is added."),(0,r.kt)("p",null,(0,r.kt)("strong",{parentName:"p"},"The git repository has no explicitly required structure.")," It is important\nto realize the scanned resources will be saved as a resource in Kubernetes so\nyou want to make sure the directories you are scanning in git do not contain\narbitrarily large resources. Right now there is a limitation that the resources\ndeployed must ",(0,r.kt)("strong",{parentName:"p"},"gzip to less than 1MB"),"."),(0,r.kt)("h2",{id:"how-repos-are-scanned"},"How repos are scanned"),(0,r.kt)("p",null,"Multiple paths can be defined for a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and each path is scanned independently.\nInternally each scanned path will become a ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," that Fleet will manage,\ndeploy, and monitor independently."),(0,r.kt)("p",null,"The following files are looked for to determine the how the resources will be deployed."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"File"),(0,r.kt)("th",{parentName:"tr",align:null},"Location"),(0,r.kt)("th",{parentName:"tr",align:null},"Meaning"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"Chart.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed as a Helm chart. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"kustomization.yaml"),":"),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")," or custom path from ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"The resources will be deployed using Kustomize. Refer to the ",(0,r.kt)("inlineCode",{parentName:"td"},"fleet.yaml")," for more options.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"fleet.yaml")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If any fleet.yaml is found a new ",(0,r.kt)("a",{parentName:"td",href:"/0.5/concepts"},"bundle")," will be defined. This allows mixing charts, kustomize, and raw YAML in the same repo")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"}," *.yaml ")),(0,r.kt)("td",{parentName:"tr",align:null},"Any subpath"),(0,r.kt)("td",{parentName:"tr",align:null},"If a ",(0,r.kt)("inlineCode",{parentName:"td"},"Chart.yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},"kustomization.yaml")," is not found then any ",(0,r.kt)("inlineCode",{parentName:"td"},".yaml")," or ",(0,r.kt)("inlineCode",{parentName:"td"},".yml")," file will be assumed to be a Kubernetes resource and will be deployed.")),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("strong",{parentName:"td"},"overlays/{name}")),(0,r.kt)("td",{parentName:"tr",align:null},"/ relative to ",(0,r.kt)("inlineCode",{parentName:"td"},"path")),(0,r.kt)("td",{parentName:"tr",align:null},"When deploying using raw YAML (not Kustomize or Helm) ",(0,r.kt)("inlineCode",{parentName:"td"},"overlays")," is a special directory for customizations.")))),(0,r.kt)("h2",{id:"fleetyaml"},(0,r.kt)("inlineCode",{parentName:"h2"},"fleet.yaml")),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is an optional file that can be included in the git repository to change the behavior of how\nthe resources are deployed and customized. The ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," is always at the root relative to the ",(0,r.kt)("inlineCode",{parentName:"p"},"path")," of the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),"\nand if a subdirectory is found with a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," a new ",(0,r.kt)("a",{parentName:"p",href:"/0.5/concepts"},"bundle")," is defined that will then be\nconfigured differently from the parent bundle."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Helm chart dependencies"),":\nIt is up to the user to fulfill the dependency list for the Helm charts. As such, you must manually run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies update $chart")," OR run ",(0,r.kt)("inlineCode",{parentName:"p"},"helm dependencies build $chart")," prior to install. See the ",(0,r.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.6/en/deploy-across-clusters/fleet/#helm-chart-dependencies"},"Fleet docs")," in Rancher for more information.")),(0,r.kt)("h3",{id:"reference"},"Reference"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"How changes are applied to ",(0,r.kt)("inlineCode",{parentName:"strong"},"values.yaml")),":"),(0,r.kt)("ul",{parentName:"admonition"},(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"Note that the most recently applied changes to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," will override any previously existing values.")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("p",{parentName:"li"},"When changes are applied to the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," from multiple sources at the same time, the values will update in the following order: ",(0,r.kt)("inlineCode",{parentName:"p"},"helmValues")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFiles")," -> ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.valuesFrom"),".")))),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'# The default namespace to be applied to resources. This field is not used to\n# enforce or lock down the deployment to a specific namespace, but instead\n# provide the default value of the namespace field if one is not specified\n# in the manifests.\n# Default: default\ndefaultNamespace: default\n\n# All resources will be assigned to this namespace and if any cluster scoped\n# resource exists the deployment will fail.\n# Default: ""\nnamespace: default\n\nkustomize:\n # Use a custom folder for kustomize resources. This folder must contain\n # a kustomization.yaml file.\n dir: ./kustomize\n\nhelm:\n # Use a custom location for the Helm chart. This can refer to any go-getter URL or\n # OCI registry based helm chart URL e.g. "oci://ghcr.io/fleetrepoci/guestbook".\n # This allows one to download charts from most any location. Also know that\n # go-getter URL supports adding a digest to validate the download. If repo\n # is set below this field is the name of the chart to lookup\n chart: ./chart\n # A https URL to a Helm repo to download the chart from. It\'s typically easier\n # to just use `chart` field and refer to a tgz file. If repo is used the\n # value of `chart` will be used as the chart name to lookup in the Helm repository.\n repo: https://charts.rancher.io\n # A custom release name to deploy the chart as. If not specified a release name\n # will be generated by combining the invoking GitRepo.name + GitRepo.path.\n releaseName: my-release\n # The version of the chart or semver constraint of the chart to find. If a constraint\n # is specified it is evaluated each time git changes.\n # The version also determines which chart to download from OCI registries.\n version: 0.1.0\n # Any values that should be placed in the `values.yaml` and passed to helm during\n # install.\n values:\n any-custom: value\n # All labels on Rancher clusters are available using global.fleet.clusterLabels.LABELNAME\n # These can now be accessed directly as variables\n variableName: global.fleet.clusterLabels.LABELNAME\n # Path to any values files that need to be passed to helm during install\n valuesFiles:\n - values1.yaml\n - values2.yaml\n # Allow to use values files from configmaps or secrets\n valuesFrom:\n - configMapKeyRef:\n name: configmap-values\n # default to namespace of bundle\n namespace: default \n key: values.yaml\n secretKeyRef:\n name: secret-values\n namespace: default\n key: values.yaml\n # Override immutable resources. This could be dangerous.\n force: false\n # Set the Helm --atomic flag when upgrading\n atomic: false\n\n# A paused bundle will not update downstream clusters but instead mark the bundle\n# as OutOfSync. One can then manually confirm that a bundle should be deployed to\n# the downstream clusters.\n# Default: false\npaused: false\n\nrolloutStrategy:\n # A number or percentage of clusters that can be unavailable during an update\n # of a bundle. This follows the same basic approach as a deployment rollout\n # strategy. Once the number of clusters meets unavailable state update will be\n # paused. Default value is 100% which doesn\'t take effect on update.\n # default: 100%\n maxUnavailable: 15%\n # A number or percentage of cluster partitions that can be unavailable during\n # an update of a bundle.\n # default: 0\n maxUnavailablePartitions: 20%\n # A number of percentage of how to automatically partition clusters if not\n # specific partitioning strategy is configured.\n # default: 25%\n autoPartitionSize: 10%\n # A list of definitions of partitions. If any target clusters do not match\n # the configuration they are added to partitions at the end following the\n # autoPartitionSize.\n partitions:\n # A user friend name given to the partition used for Display (optional).\n # default: ""\n - name: canary\n # A number or percentage of clusters that can be unavailable in this\n # partition before this partition is treated as done.\n # default: 10%\n maxUnavailable: 10%\n # Selector matching cluster labels to include in this partition\n clusterSelector:\n matchLabels:\n env: prod\n # A cluster group name to include in this partition\n clusterGroup: agroup\n # Selector matching cluster group labels to include in this partition\n clusterGroupSelector: agroup\n \n# Target customization are used to determine how resources should be modified per target\n# Targets are evaluated in order and the first one to match a cluster is used for that cluster.\ntargetCustomizations:\n# The name of target. If not specified a default name of the format "target000"\n# will be used. This value is mostly for display\n- name: prod\n # Custom namespace value overriding the value at the root\n namespace: newvalue\n # Custom defaultNamespace value overriding the value at the root\n defaultNamespace: newdefaultvalue\n # Custom kustomize options overriding the options at the root\n kustomize: {}\n # Custom Helm options override the options at the root\n helm: {}\n # If using raw YAML these are names that map to overlays/{name} that will be used\n # to replace or patch a resource. If you wish to customize the file ./subdir/resource.yaml\n # then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file.\n # A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.\n # A patch can in JSON Patch or JSON Merge format or a strategic merge patch for builtin\n # Kubernetes types. Refer to "Raw YAML Resource Customization" below for more information.\n yaml:\n overlays:\n - custom2\n - custom3\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match a specific cluster by name. \n clusterName: dev-cluster \n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n\n# dependsOn allows you to configure dependencies to other bundles. The current bundle\n# will only be deployed, after all dependencies are deployed and in a Ready state.\ndependsOn:\n # Format: - with all path separators replaced by "-"\n # Example: GitRepo name "one", Bundle path "/multi-cluster/hello-world" => "one-multi-cluster-hello-world"\n - name: one-multi-cluster-hello-world\n')),(0,r.kt)("h3",{id:"private-helm-repositories"},"Private Helm Repositories"),(0,r.kt)("p",null,"For a private Helm repo, users can reference a secret from the git repo resource.\nSee ",(0,r.kt)("a",{parentName:"p",href:"gitrepo-add#using-private-helm-repositories"},"Using Private Helm Repositories")," for more information."),(0,r.kt)("h3",{id:"using-valuesfrom"},"Using ValuesFrom"),(0,r.kt)("p",null,"These examples showcase the style and format for using ",(0,r.kt)("inlineCode",{parentName:"p"},"valuesFrom"),". ConfigMaps and Secrets should be created in downstream clusters."),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/configmap/"},"ConfigMap"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: configmap-values\n namespace: default\ndata: \n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("p",null,"Example ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/configuration/secret/"},"Secret"),":"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: v1\nkind: Secret\nmetadata:\n name: secret-values\n namespace: default\nstringData:\n values.yaml: |-\n replication: true\n replicas: 2\n serviceType: NodePort\n")),(0,r.kt)("h2",{id:"per-cluster-customization"},"Per Cluster Customization"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," defines which clusters a git repository should be deployed to and the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in the repository\ndetermines how the resources are customized per target."),(0,r.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets of that\n",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),". The targets list is evaluated one by one and if there is a match the resource will be deployed to the cluster.\nIf no match is made against the target list on the ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the resources will not be deployed to that cluster.\nOnce a target cluster is matched the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," from the git repository is then consulted for customizations. The\n",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations")," in the ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," will be evaluated one by one and the first match will define how the\nresource is to be configured. If no match is made the resources will be deployed with no additional customizations."),(0,r.kt)("p",null,"There are three approaches to matching clusters for both ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," ",(0,r.kt)("inlineCode",{parentName:"p"},"targetCustomizations"),'.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,r.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,r.kt)("h2",{id:"raw-yaml-resource-customization"},"Raw YAML Resource Customization"),(0,r.kt)("p",null,"When using Kustomize or Helm the ",(0,r.kt)("inlineCode",{parentName:"p"},"kustomization.yaml")," or the ",(0,r.kt)("inlineCode",{parentName:"p"},"helm.values")," will control how the resource are\ncustomized per target cluster. If you are using raw YAML then the following simple mechanism is built-in and can\nbe used. The ",(0,r.kt)("inlineCode",{parentName:"p"},"overlays/")," folder in the git repo is treated specially as folder containing folders that\ncan be selected to overlay on top per target cluster. The resource overlay content\nuses a file name based approach. This is different from kustomize which uses a resource based approach. In kustomize\nthe resource Group, Kind, Version, Name, and Namespace identify resources and are then merged or patched. For Fleet\nthe overlay resources will override or patch content with a matching file name."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"# Base files\ndeployment.yaml\nsvc.yaml\n\n# Overlay files\n\n# The following file we be added\noverlays/custom/configmap.yaml\n# The following file will replace svc.yaml\noverlays/custom/svc.yaml\n# The following file will patch deployment.yaml\noverlays/custom/deployment_patch.yaml\n")),(0,r.kt)("p",null,"A file named ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," will replace a file called ",(0,r.kt)("inlineCode",{parentName:"p"},"foo")," from the base resources or a previous overlay. In order to patch\nthe contents a file the convention of adding ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch.")," (notice the trailing period) to the filename is used. The string ",(0,r.kt)("inlineCode",{parentName:"p"},"_patch."),"\nwill be replaced with ",(0,r.kt)("inlineCode",{parentName:"p"},".")," from the file name and that will be used as the target. For example ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment_patch.yaml"),"\nwill target ",(0,r.kt)("inlineCode",{parentName:"p"},"deployment.yaml"),". The patch will be applied using JSON Merge, Strategic Merge Patch, or JSON Patch.\nWhich strategy is used is based on the file content. Even though JSON strategies are used, the files can be written\nusing YAML syntax."),(0,r.kt)("h2",{id:"cluster-and-bundle-state"},"Cluster and Bundle state"),(0,r.kt)("p",null,"See ",(0,r.kt)("a",{parentName:"p",href:"/0.5/cluster-bundles-state"},"Cluster and Bundle state"),"."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d53097a5.45662c89.js b/assets/js/d53097a5.45662c89.js new file mode 100644 index 000000000..cc2243a45 --- /dev/null +++ b/assets/js/d53097a5.45662c89.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1736],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},h=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),h=c(n),m=a,d=h["".concat(l,".").concat(m)]||h[m]||p[m]||o;return n?r.createElement(d,i(i({ref:t},u),{},{components:n})):r.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=h;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Architecture",s={unversionedId:"architecture",id:"version-0.9/architecture",title:"Architecture",description:"Fleet has two primary components. The Fleet manager and the cluster agents. These",source:"@site/versioned_docs/version-0.9/architecture.md",sourceDirName:".",slug:"/architecture",permalink:"/0.9/architecture",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/architecture.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Uninstall",permalink:"/0.9/uninstall"},next:{title:"Core Concepts",permalink:"/0.9/concepts"}},l={},c=[{value:"Fleet Manager",id:"fleet-manager",level:2},{value:"Cluster Agents",id:"cluster-agents",level:2},{value:"Security",id:"security",level:2},{value:"Component Overview",id:"component-overview",level:2}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"architecture"},"Architecture"),(0,a.kt)("p",null,"Fleet has two primary components. The Fleet manager and the cluster agents. These\ncomponents work in a two-stage pull model. The Fleet manager will pull from git and the\ncluster agents will pull from the Fleet manager."),(0,a.kt)("h2",{id:"fleet-manager"},"Fleet Manager"),(0,a.kt)("p",null,"The Fleet manager is a set of Kubernetes controllers running in any standard Kubernetes\ncluster. The only API exposed by the Fleet manager is the Kubernetes API, there is no\ncustom API for the fleet controller."),(0,a.kt)("h2",{id:"cluster-agents"},"Cluster Agents"),(0,a.kt)("p",null,"One cluster agent runs in each cluster and is responsible for talking to the Fleet manager.\nThe only communication from cluster to Fleet manager is by this agent and all communication\ngoes from the managed cluster to the Fleet manager. The fleet manager does not initiate\nconnections to downstream clusters. This means managed clusters can run in private networks and behind\nNATs. The only requirement is the cluster agent needs to be able to communicate with the\nKubernetes API of the cluster running the Fleet manager. The one exception to this is if you use\nthe ",(0,a.kt)("a",{parentName:"p",href:"/0.9/cluster-registration#manager-initiated"},"manager initiated")," cluster registration flow. This is not required, but\nan optional pattern."),(0,a.kt)("p",null,'The cluster agents are not assumed to have an "always on" connection. They will resume operation as\nsoon as they can connect. Future enhancements will probably add the ability to schedule times of when\nthe agent checks in, as it stands right now they will always attempt to connect.'),(0,a.kt)("h2",{id:"security"},"Security"),(0,a.kt)("p",null,'The Fleet manager dynamically creates service accounts, manages their RBAC and then gives the\ntokens to the downstream clusters. Clusters are registered by optionally expiring cluster registration tokens.\nThe cluster registration token is used only during the registration process to generate a credential specific\nto that cluster. After the cluster credential is established the cluster "forgets" the cluster registration\ntoken.'),(0,a.kt)("p",null,"The service accounts given to the clusters only have privileges to list ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," in the namespace created\nspecifically for that cluster. It can also update the ",(0,a.kt)("inlineCode",{parentName:"p"},"status")," subresource of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," and the ",(0,a.kt)("inlineCode",{parentName:"p"},"status"),"\nsubresource of it's ",(0,a.kt)("inlineCode",{parentName:"p"},"Cluster")," resource."),(0,a.kt)("h2",{id:"component-overview"},"Component Overview"),(0,a.kt)("p",null,"An overview of the components and how they interact on a high level."),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Components",src:n(1913).Z,width:"1320",height:"1280"})))}p.isMDXComponent=!0},1913:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetComponents-c8df42a6b4b21b11f1bba2a2d6a75cce.svg"}}]); \ No newline at end of file diff --git a/assets/js/d6daf0cc.26f45219.js b/assets/js/d6daf0cc.8051d991.js similarity index 98% rename from assets/js/d6daf0cc.26f45219.js rename to assets/js/d6daf0cc.8051d991.js index 8729de581..42baebc30 100644 --- a/assets/js/d6daf0cc.26f45219.js +++ b/assets/js/d6daf0cc.8051d991.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8021],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n #\n # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses\n # a three-way merge strategy by default. \n # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating \n # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.\n # Keep in mind that resources might be recreated if force is enabled.\n # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.\n #\n # correctDrift:\n # enabled: false\n # force: false #Warning: it might recreate resources if set to true\n # keepFailHistory: false\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8021],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var c=r.createContext({}),l=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},p=function(e){var t=l(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=l(n),d=o,f=m["".concat(c,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,s(s({ref:t},p),{},{components:n})):r.createElement(f,s({ref:t},p))}));function d(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var a=n.length,s=new Array(a);s[0]=m;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:o,s[1]=i;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>l});var r=n(7462),o=(n(7294),n(3905));const a={},s="GitRepo Resource",i={unversionedId:"ref-gitrepo",id:"ref-gitrepo",title:"GitRepo Resource",description:"The GitRepo resource describes git repositories, how to access them and where the bundles are located.",source:"@site/docs/ref-gitrepo.md",sourceDirName:".",slug:"/ref-gitrepo",permalink:"/ref-gitrepo",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-gitrepo.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"},next:{title:"Bundle Resource",permalink:"/ref-bundle"}},c={},l=[],p={toc:l};function u(e){let{components:t,...n}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"gitrepo-resource"},"GitRepo Resource"),(0,o.kt)("p",null,"The GitRepo resource describes git repositories, how to access them and where the bundles are located."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#gitrepospec"},"GitRepoSpec"),".\nFor more information on how to use GitRepo resource, e.g. how to watch private repositories, see ",(0,o.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Create a GitRepo Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-repo\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # This can be a HTTPS or git URL. If you are using a git URL then\n # clientSecretName will probably need to be set to supply a credential.\n # repo is the only required parameter for a repo to be monitored.\n #\n repo: https://github.com/rancher/fleet-examples\n\n # Enforce all resources go to this target namespace. If a cluster scoped\n # resource is found the deployment will fail.\n #\n # targetNamespace: app1\n\n # Any branch can be watched, this field is optional. If not specified the\n # branch is assumed to be master\n #\n # branch: master\n\n # A specific commit or tag can also be watched.\n #\n # revision: v0.3.0\n\n # For a private registry you must supply a clientSecretName. A default\n # secret can be set at the namespace level using the GitRepoRestriction\n # type. Secrets must be of the type "kubernetes.io/ssh-auth" or\n # "kubernetes.io/basic-auth". The secret is assumed to be in the\n # same namespace as the GitRepo\n #\n # clientSecretName: my-ssh-key\n #\n # If fleet.yaml contains a private Helm repo that requires authentication,\n # provide the credentials in a K8s secret and specify them here.\n # Danger: the credentials will be sent to all repositories referenced from\n # this gitrepo. See section below for more information.\n #\n # helmSecretName: my-helm-secret\n #\n # Helm credentials from helmSecretName will be used if the helm repository url matches this regular expression.\n # Credentials will always be used if it is empty or not provided\n #\n # helmRepoURLRegex: https://charts.rancher.io/*\n #\n # To add additional ca-bundle for self-signed certs, caBundle can be\n # filled with base64 encoded pem data. For example:\n # `cat /path/to/ca.pem | base64 -w 0`\n #\n # caBundle: my-ca-bundle\n #\n # Disable SSL verification for git repo\n #\n # insecureSkipTLSVerify: true\n #\n # A git repo can read multiple paths in a repo at once.\n # The below field is expected to be an array of paths and\n # supports path globbing (ex: some/*/path)\n #\n # Example:\n # paths:\n # - single-path\n # - multiple-paths/*\n paths:\n - simple\n\n # PollingInterval configures how often fleet checks the git repo. The default\n # is 15 seconds.\n # Setting this to zero does not disable polling. It results in a 15s\n # interval, too.\n # As checking a git repo incurs a CPU cost, raising this value can help\n # lowering fleetcontroller\'s CPU usage if tens of git repos are used or more\n #\n # pollingInterval: 15s\n\n # Paused causes changes in Git to not be propagated down to the clusters but\n # instead mark resources as OutOfSync\n #\n # paused: false\n\n # Increment this number to force a redeployment of contents from Git\n #\n # forceSyncGeneration: 0\n\n # The service account that will be used to perform this deployment.\n # This is the name of the service account that exists in the\n # downstream cluster in the cattle-fleet-system namespace. It is assumed\n # this service account already exists so it should be create before\n # hand, most likely coming from another git repo registered with\n # the Fleet manager.\n #\n # serviceAccount: moreSecureAccountThanClusterAdmin\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n # If empty, the "default" cluster group is used.\n #\n # targets: ...\n #\n # Drift correction removes any external change made to resources managed by Fleet. It performs a helm rollback, which uses\n # a three-way merge strategy by default. \n # It will try to update all resources by doing a PUT request if force is enabled. Three-way strategic merge might fail when updating \n # an item inside of an array as it will try to add a new item instead of replacing the existing one. This can be fixed by using force.\n # Keep in mind that resources might be recreated if force is enabled.\n # Failed rollback will be removed from the helm history unless keepFailHistory is set to true.\n #\n # correctDrift:\n # enabled: false\n # force: false #Warning: it might recreate resources if set to true\n # keepFailHistory: false\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/d8f58335.8840a095.js b/assets/js/d8f58335.c60e5867.js similarity index 98% rename from assets/js/d8f58335.8840a095.js rename to assets/js/d8f58335.c60e5867.js index 82772a1ef..75473a74d 100644 --- a/assets/js/d8f58335.8840a095.js +++ b/assets/js/d8f58335.c60e5867.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[764],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.4/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.4/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.4/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/advanced-users.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.4/troubleshooting"},next:{title:"Installation",permalink:"/0.4/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.4/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.4/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/da21831e.694ed82f.js b/assets/js/da21831e.b64bcb98.js similarity index 98% rename from assets/js/da21831e.694ed82f.js rename to assets/js/da21831e.b64bcb98.js index adb98330a..c04ee08bf 100644 --- a/assets/js/da21831e.694ed82f.js +++ b/assets/js/da21831e.b64bcb98.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4893],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},p=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=i(e,["components","mdxType","originalType","parentName"]),p=c(n),f=a,m=p["".concat(l,".").concat(f)]||p[f]||d[f]||o;return n?r.createElement(m,s(s({ref:t},u),{},{components:n})):r.createElement(m,s({ref:t},u))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,s=new Array(o);s[0]=p;var i={};for(var l in t)hasOwnProperty.call(t,l)&&(i[l]=t[l]);i.originalType=e,i.mdxType="string"==typeof e?e:a,s[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>s,default:()=>d,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},s="Advanced Users",i={unversionedId:"advanced-users",id:"version-0.5/advanced-users",title:"Advanced Users",description:"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases.",source:"@site/versioned_docs/version-0.5/advanced-users.md",sourceDirName:".",slug:"/advanced-users",permalink:"/0.5/advanced-users",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/advanced-users.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Troubleshooting",permalink:"/0.5/troubleshooting"},next:{title:"Installation",permalink:"/0.5/installation"}},l={},c=[],u={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"advanced-users"},"Advanced Users"),(0,a.kt)("p",null,"Note that using Fleet outside of Rancher is highly discouraged for any users who do not need to perform advanced actions. However, there are some advanced use cases that may need to be performed outside of Rancher, also known as Standalone Fleet, or Fleet without Rancher. This section will highlight such use cases."),(0,a.kt)("p",null,"The following are examples of advanced use cases:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},"Nested GitRepo CRs"),(0,a.kt)("blockquote",{parentName:"li"},(0,a.kt)("p",{parentName:"blockquote"},"Managing Fleet within Fleet (nested GitRepo usage) is not currently supported. We will update the documentation if support becomes available."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/single-cluster-install"},"Single cluster installation"))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("a",{parentName:"p",href:"/0.5/multi-cluster-install"},"Multi-cluster installation")," "))),(0,a.kt)("p",null,"Please refer to the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/installation"},"installation")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/uninstall"},"uninstall")," documentation for additional information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/db0ebd24.44917f60.js b/assets/js/db0ebd24.6e1441f3.js similarity index 98% rename from assets/js/db0ebd24.44917f60.js rename to assets/js/db0ebd24.6e1441f3.js index 7d7943a8f..581734da6 100644 --- a/assets/js/db0ebd24.44917f60.js +++ b/assets/js/db0ebd24.6e1441f3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5565],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"version-0.8/ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/versioned_docs/version-0.8/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/0.8/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-bundle.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.8/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/0.8/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/0.8/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5565],{3905:(e,n,t)=>{t.d(n,{Zo:()=>p,kt:()=>f});var r=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function a(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);n&&(r=r.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,r)}return t}function l(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var i=r.createContext({}),c=function(e){var n=r.useContext(i),t=n;return e&&(t="function"==typeof e?e(n):l(l({},n),e)),t},p=function(e){var n=c(e.components);return r.createElement(i.Provider,{value:n},e.children)},u={inlineCode:"code",wrapper:function(e){var n=e.children;return r.createElement(r.Fragment,{},n)}},d=r.forwardRef((function(e,n){var t=e.components,o=e.mdxType,a=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(t),f=o,m=d["".concat(i,".").concat(f)]||d[f]||u[f]||a;return t?r.createElement(m,l(l({ref:n},p),{},{components:t})):r.createElement(m,l({ref:n},p))}));function f(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var a=t.length,l=new Array(a);l[0]=d;var s={};for(var i in n)hasOwnProperty.call(n,i)&&(s[i]=n[i]);s.originalType=e,s.mdxType="string"==typeof e?e:o,l[1]=s;for(var c=2;c{t.r(n),t.d(n,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var r=t(7462),o=(t(7294),t(3905));const a={},l="Bundle Resource",s={unversionedId:"ref-bundle",id:"version-0.8/ref-bundle",title:"Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created.",source:"@site/versioned_docs/version-0.8/ref-bundle.md",sourceDirName:".",slug:"/ref-bundle",permalink:"/0.8/ref-bundle",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/ref-bundle.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"GitRepo Resource",permalink:"/0.8/ref-gitrepo"},next:{title:"Troubleshooting",permalink:"/0.8/troubleshooting"}},i={},c=[],p={toc:c};function u(e){let{components:n,...t}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-resource"},"Bundle Resource"),(0,o.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,o.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created."),(0,o.kt)("p",null,"The content of the resource corresponds to the ",(0,o.kt)("a",{parentName:"p",href:"./ref-crds#bundlespec"},"BundleSpec"),".\nFor more information on how to use the Bundle resource ",(0,o.kt)("a",{parentName:"p",href:"/0.8/bundle-add"},"Create a Bundle Resource"),"."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n # Namespace used for resources that do not specify a namespace.\n # This field is not used to enforce or lock down the deployment to a specific namespace.\n # defaultNamespace: test\n\n # If present will assign all resource to this\n # namespace and if any cluster scoped resource exists the deployment will fail.\n # targetNamespace: app\n\n # Kustomize options for the deployment, like the dir containing the kustomization.yaml file.\n # kustomize: ...\n\n # Helm options for the deployment, like the chart name, repo and values.\n # helm: ...\n\n # ServiceAccount which will be used to perform this deployment.\n # serviceAccount: sa\n\n # ForceSyncGeneration is used to force a redeployment.\n # forceSyncGeneration: 0\n\n # YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource.\n # yaml: ...\n\n # Diff can be used to ignore the modified state of objects which are amended at runtime.\n # A specific commit or tag can also be watched.\n #\n # diff: ...\n\n # KeepResources can be used to keep the deployed resources when removing the bundle.\n # keepResources: false\n\n # If set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync.\n # paused: false\n\n # Controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability.\n # rolloutStrategy: ...\n\n # Contain the actual resources from the git repo which will be deployed.\n resources:\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n\n # Target clusters to deploy to if running Fleet in a multi-cluster\n # style. Refer to the "Mapping to Downstream Clusters" docs for\n # more information.\n #\n # targets: ...\n\n # This field is used by Fleet internally, and it should not be modified manually.\n # Fleet will copy all targets into targetRestrictions when a Bundle is created for a GitRepo.\n # targetRestrictions: ...\n\n # Refers to the bundles which must be ready before this bundle can be deployed.\n # dependsOn: ...\n\n')))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd67116e.097f1b82.js b/assets/js/dd67116e.db1849d8.js similarity index 97% rename from assets/js/dd67116e.097f1b82.js rename to assets/js/dd67116e.db1849d8.js index 5d85acbf3..8008c7bbf 100644 --- a/assets/js/dd67116e.097f1b82.js +++ b/assets/js/dd67116e.db1849d8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2425],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.4/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.4/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.4/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-tokens.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.4/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.4/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dd81469d.5be4f5a7.js b/assets/js/dd81469d.1bf071ff.js similarity index 97% rename from assets/js/dd81469d.5be4f5a7.js rename to assets/js/dd81469d.1bf071ff.js index e00827535..397998ea5 100644 --- a/assets/js/dd81469d.5be4f5a7.js +++ b/assets/js/dd81469d.1bf071ff.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8361],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),s=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=s(e.components);return r.createElement(c.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=s(n),d=l,m=u["".concat(c,".").concat(d)]||u[d]||f[d]||a;return n?r.createElement(m,o(o({ref:t},p),{},{components:n})):r.createElement(m,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>f,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet test"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_test",id:"cli/fleet-cli/fleet_test",title:"",description:"fleet test",source:"@site/docs/cli/fleet-cli/fleet_test.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_test",permalink:"/cli/fleet-cli/fleet_test",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/cli/fleet-cli/fleet_test.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet test"},sidebar:"docs",previous:{title:"fleet apply",permalink:"/cli/fleet-cli/fleet_apply"},next:{title:"fleet-manager",permalink:"/cli/fleet-controller/fleet-manager"}},c={},s=[{value:"fleet test",id:"fleet-test",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:s};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-test"},"fleet test"),(0,l.kt)("p",null,"Match a bundle to a target and render the output"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet test [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -g, --group string Cluster group to match against\n -L, --group-label strings Cluster group labels to match against\n -h, --help help for test\n -l, --label strings Cluster labels to match against\n -N, --name string Cluster name to match against\n -q, --quiet Just print the match and don't print the resources\n -t, --target string Explicit target to match\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/de08e76e.e5e28e2c.js b/assets/js/de08e76e.f584daba.js similarity index 99% rename from assets/js/de08e76e.e5e28e2c.js rename to assets/js/de08e76e.f584daba.js index 8d7df54e4..cfc4b2ff1 100644 --- a/assets/js/de08e76e.e5e28e2c.js +++ b/assets/js/de08e76e.f584daba.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>s,kt:()=>k});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var p=n.createContext({}),m=function(t){var e=n.useContext(p),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},s=function(t){var e=m(t.components);return n.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},o=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,p=t.parentName,s=u(t,["components","mdxType","originalType","parentName"]),o=m(a),k=l,N=o["".concat(p,".").concat(k)]||o[k]||d[k]||r;return a?n.createElement(N,i(i({ref:e},s),{},{components:a})):n.createElement(N,i({ref:e},s))}));function k(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=o;var u={};for(var p in e)hasOwnProperty.call(e,p)&&(u[p]=e[p]);u.originalType=t,u.mdxType="string"==typeof t?t:l,i[1]=u;for(var m=2;m{a.r(e),a.d(e,{assets:()=>p,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>u,toc:()=>m});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",u={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources Spec",description:"* Bundle",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"List of Deployed Resources",permalink:"/ref-resources"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},p={},m=[{value:"Bundle",id:"bundle",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentResource",id:"bundledeploymentresource",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"Content",id:"content",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"CorrectDrift",id:"correctdrift",level:4},{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4}],s={toc:m};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},s,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy"))),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("p",null,"Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\\n\\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("p",null,"BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is a summary state for the bundle, calculated over the non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching bundle's labels."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("p",null,"BundleResource represents the content of a single resource from the bundle, like a YAML manifest."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource, can include the bundle's internal path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"The content of the resource, can be compressed."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null},'Encoding is either empty or \\"base64+gz\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions is an allow list, which controls if a bundledeployment is created for a target."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null},"NewlyCreated is the number of bundle deployments that have been created, not updated."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"UnavailablePartitions is the number of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable deployments. See rollout configuration."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"PartitionStatus lists the status of each partition."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc.."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("p",null,"BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of bundle deployments that have been deployed where some resources are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"ErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"OutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of bundle deployments that have been deployed where all resources are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null},"Pending is the number of bundle deployments that are being processed by Fleet controller."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of bundle deployments that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of states, which is filled for a bundle that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("p",null,"BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},'Name of target. This value is largely for display and logging. If not specified a default name of the format \\"target000\\" will be used'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName to match a specific cluster by name that will be selected"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup to match a specific cluster group by name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a selector to match cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"doNotDeploy"),(0,l.kt)("td",{parentName:"tr",align:null},"DoNotDeploy if set to true, will not deploy to this target."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("p",null,"BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("p",null,'NonReadyResource contains information about a bundle that is not ready for a given state like \\"ErrApplied\\". It contains a list of non-ready or modified resources and their states.'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, like e.g. \\"NotReady\\" or \\"ErrApplied\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains information why the bundle is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"ModifiedStatus lists the state for each modified resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyStatus lists the state for each non-ready resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("p",null,"Partition defines a separate rollout strategy for a set of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"A user-friendly name given to the partition used for Display (optional)."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"A cluster group name to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster group labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("p",null,"PartitionStatus is the status of a single rollout partition."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null},"Count is the number of clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary state for the partition, calculated over its non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("p",null,"ResourceKey lists resources, which will likely be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s api kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the k8s api version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("p",null,"RolloverStrategy controls the rollout of the bundle across clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("p",null,"BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"IgnoreOptions can be used to ignore fields when monitoring the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceLabels are labels that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceAnnotations"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceAnnotations are annotations that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentresource"},"BundleDeploymentResource"),(0,l.kt)("p",null,"BundleDeploymentResource contains the metadata of a deployed resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"createdAt"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedOptions are the deployment options, that are staged for the next deployment."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedDeploymentID is the ID of the staged deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null},"Options are the deployment options, that are currently applied."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"DeploymentID is the ID of the currently applied deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources lists the metadata of resources that were deployed according to the helm release history."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("p",null,"ComparePatch matches a resource and removes fields from the check for modifications."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the kind of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the apiVersion of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null},"Operations remove a JSON path from the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null},"JSONPointers ignore diffs at a certain JSON path."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null},"ComparePatches match a resource and remove fields from the check for modifications."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("p",null,"HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disableDNS"),(0,l.kt)("td",{parentName:"tr",align:null},"DisableDNS can be used to customize Helm's EnableDNS option, which Fleet sets to ",(0,l.kt)("inlineCode",{parentName:"td"},"true")," by default."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"skipSchemaValidation"),(0,l.kt)("td",{parentName:"tr",align:null},"SkipSchemaValidation allows skipping schema validation against the chart values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("p",null,"IgnoreOptions defines conditions to be ignored when monitoring the Bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions to be ignored when monitoring the Bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("p",null,"KustomizeOptions for a deployment."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null},"Dir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of a resource in the same namespace as the referent."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("p",null,"ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("p",null,"NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("p",null,'Operation of a ComparePatch, usually \\"remove\\".'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null},'Op is usually \\"remove\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null},"Path is the JSON path to remove."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null},"Value is usually empty."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("p",null,"YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null},'Overlays is a list of names that maps to folders in \\"overlays/\\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("p",null,"BundleNamespaceMapping maps bundles to clusters in other namespaces."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSeen is the last time the agent checked in to update the status of the cluster resource."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the namespace of the agent deployment, e.g. \\"cattle-fleet-system\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNodes is the number of nodes that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes is the number of nodes that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes contains the names of ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("p",null,"Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyNodes is a string in the form \\"%d/%d\\", that describes the number of nodes that are ready vs. the number of expected nodes.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null},"SampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State of the cluster, either one of the bundle states, or \\"WaitCheckIn\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster. It can optionally contain a APIServerURL and CA to override the values in the fleet-controller's configmap."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecretNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecretNamespace is the namespace of the secret containing the kubeconfig for the downstream cluster. If unset, it will be assumed the secret can be found in the namespace that the Cluster object resides within."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts is an aggregate over the GitRepoResourceCounts."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyGitRepos is the number of gitrepos for this cluster that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVarsHash is a hash of the agent's env vars, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentPrivateRepoURL is the private repo URL for the agent that is currently used."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentDeployedGeneration is the generation of the agent that is currently deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"CattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResourcesHash is a hash of the agent's resources configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentConfigChanged"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerURL"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerCAHash"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerCAHash is a hash of the upstream API server CA, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready bundles, nodes and a summary state."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentStatus contains information about the agent."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("p",null,"ClusterGroup is a re-usable selector to target a group of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is a summary state for the cluster group, showing \\"NotReady\\" if there are non-ready resources.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector is a label selector, used to select clusters for this group."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterCount is the number of clusters in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusterCount is the number of clusters that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of cluster names that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions and their statuses for the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundle deployments and their resources in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("p",null,"ClusterRegistration is used internally by Fleet and should not be used directly."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterLabels are copied to the cluster resource during the registration."),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is only set after the registration is being processed by fleet-controller."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null},"Granted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("p",null,"ClusterRegistrationToken is used by agents to register a new cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null},"TTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null},"Expires is the time when the token expires."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretName is the name of the secret containing the token."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("p",null,"Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"Content is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"correctdrift"},"CorrectDrift"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"enabled"),(0,l.kt)("td",{parentName:"tr",align:null},"Enabled correct drift if true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force helm rollback with --force option will be used if true. This will try to recreate all resources in the release."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepFailHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepFailHistory keeps track of failed rollbacks in the helm history."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("p",null,"GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundleDeployments is a string in the form \\"%d/%d\\", that describes the number of ready bundledeployments over the total number of bundledeployments.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the GitRepo, e.g. \\"GitUpdating\\" or the maximal BundleState according to StateRank.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains the relevant message from the deployment conditions."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if a message is present."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("p",null,"GitRepoResource contains metadata about the resources of a bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the API version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null},'Type is the type of the resource, e.g. \\"apiextensions.k8s.io.customresourcedefinition\\" or \\"configmap\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null},'ID is the name of the resource, e.g. \\"namespace1/my-config\\" or \\"backingimagemanagers.storage.io\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null},"IncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, e.g. \\"Unknown\\", \\"WaitApplied\\", \\"ErrApplied\\" or \\"Ready\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if any Error in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if any Transitioning in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message is the first message from the PerClusterStates."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null},"PerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("p",null,"GitRepoResourceCounts contains the number of resources in each state."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of resources that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of resources that are waiting to be applied."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of resources that have been modified."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null},"Orphaned is the number of orphaned resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null},"Missing is the number of missing resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null},"Unknown is the number of resources in an unknown state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of not ready resources. Resources are not ready if they do not match any other state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for a private Helm repository."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretNameForPaths"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretNameForPaths contains the auth secret for private Helm repository for each path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of targets this repo will deploy to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when a new image is scanned and written back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit is the Git commit hash from the last gitjob run."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyClusters\\tis the number of clusters that should be ready for bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null},'GitJobStatus is the status of the last GitJob run, e.g. \\"Current\\" if there was no error.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains a human readable summary of the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains metadata about the resources of each bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceErrors is a sorted list of errors from the resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSyncedImageScanTime is the time of the last image scan."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("p",null,"GitTarget is a cluster or cluster group to deploy to."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of this target."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a label selector to select clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup is the name of a cluster group in the same namespace as the clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a label selector to select cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("p",null,"ResourcePerClusterState is generated for each non-ready resource of the bundles."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is the state of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if the resource is in an error state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message combines the messages from the bundle's summary. Messages are joined with the delimiter ';'."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null},"Patch for modified resources."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterID is the id of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("p",null,"GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultServiceAccount overrides the GitRepo's default service account."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultClientSecretName overrides the GitRepo's default client secret."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[299],{3905:(t,e,a)=>{a.d(e,{Zo:()=>s,kt:()=>k});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var p=n.createContext({}),m=function(t){var e=n.useContext(p),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},s=function(t){var e=m(t.components);return n.createElement(p.Provider,{value:e},t.children)},d={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},o=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,p=t.parentName,s=u(t,["components","mdxType","originalType","parentName"]),o=m(a),k=l,N=o["".concat(p,".").concat(k)]||o[k]||d[k]||r;return a?n.createElement(N,i(i({ref:e},s),{},{components:a})):n.createElement(N,i({ref:e},s))}));function k(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=o;var u={};for(var p in e)hasOwnProperty.call(e,p)&&(u[p]=e[p]);u.originalType=t,u.mdxType="string"==typeof t?t:l,i[1]=u;for(var m=2;m{a.r(e),a.d(e,{assets:()=>p,contentTitle:()=>i,default:()=>d,frontMatter:()=>r,metadata:()=>u,toc:()=>m});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",u={unversionedId:"ref-crds",id:"ref-crds",title:"Custom Resources Spec",description:"* Bundle",source:"@site/docs/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-crds.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"List of Deployed Resources",permalink:"/ref-resources"},next:{title:"fleet.yaml",permalink:"/ref-fleet-yaml"}},p={},m=[{value:"Bundle",id:"bundle",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentResource",id:"bundledeploymentresource",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"IgnoreOptions",id:"ignoreoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"Content",id:"content",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"CorrectDrift",id:"correctdrift",level:4},{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4}],s={toc:m};function d(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},s,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy"))),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("p",null,"Bundle contains the resources of an application and its deployment options. It will be deployed as a Helm chart to target clusters.\\n\\nWhen a GitRepo is scanned it will produce one or more bundles. Bundles are a collection of resources that get deployed to one or more cluster(s). Bundle is the fundamental deployment unit used in Fleet. The contents of a Bundle may be Kubernetes manifests, Kustomize configuration, or Helm charts. Regardless of the source the contents are dynamically rendered into a Helm chart by the agent and installed into the downstream cluster as a Helm release."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("p",null,"BundleDisplay contains the number of ready, desiredready clusters and a summary state for the bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is a summary state for the bundle, calculated over the non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching bundle's labels."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("p",null,"BundleResource represents the content of a single resource from the bundle, like a YAML manifest."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource, can include the bundle's internal path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"The content of the resource, can be compressed."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null},'Encoding is either empty or \\"base64+gz\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains the resources that were read from the bundle's path. This includes the content of downloaded helm charts."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleresource"},"BundleResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to. Targets are evaluated in order and the first one to match is used."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions is an allow list, which controls if a bundledeployment is created for a target."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null},"NewlyCreated is the number of bundle deployments that have been created, not updated."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of bundle deployments that are not ready or where the AppliedDeploymentID in the status does not match the DeploymentID from the spec."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"UnavailablePartitions is the number of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable deployments. See rollout configuration."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailablePartitions is the maximum number of unavailable partitions. The rollout configuration defines a maximum number or percentage of unavailable partitions."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxNew is always 50. A bundle change can only stage 50 bundledeployments at a time."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"PartitionStatus lists the status of each partition."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceKey lists resources, which will likely be deployed. The actual list of resources on a cluster might differ, depending on the helm chart, value templating, etc.."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("p",null,"BundleSummary contains the number of bundle deployments in each state and a list of non-ready resources. It is used in the bundle, clustergroup, cluster and gitrepo status."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of bundle deployments that have been deployed where some resources are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of bundle deployments that have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"ErrApplied is the number of bundle deployments that have been synced from the Fleet controller and the downstream cluster, but with some errors when deploying the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"OutOfSync is the number of bundle deployments that have been synced from Fleet controller, but not yet by the downstream agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of bundle deployments that have been deployed and for which all resources are ready, but where some changes from the Git repository have not yet been synced."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of bundle deployments that have been deployed where all resources are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null},"Pending is the number of bundle deployments that are being processed by Fleet controller."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of bundle deployments that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of states, which is filled for a bundle that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("p",null,"BundleTarget declares clusters to deploy to. Fleet will merge the BundleDeploymentOptions from customizations into this struct."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},'Name of target. This value is largely for display and logging. If not specified a default name of the format \\"target000\\" will be used'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName to match a specific cluster by name that will be selected"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a selector to match clusters. The structure is the standard metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified, clusterSelector will be used only to further refine the selection after clusterGroupSelector and clusterGroup is evaluated."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup to match a specific cluster group by name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a selector to match cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"doNotDeploy"),(0,l.kt)("td",{parentName:"tr",align:null},"DoNotDeploy if set to true, will not deploy to this target."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("p",null,"BundleTargetRestriction is used internally by Fleet and should not be modified. It acts as an allow list, to prevent the creation of BundleDeployments from Targets created by TargetCustomizations in fleet.yaml."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("p",null,'NonReadyResource contains information about a bundle that is not ready for a given state like \\"ErrApplied\\". It contains a list of non-ready or modified resources and their states.'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, like e.g. \\"NotReady\\" or \\"ErrApplied\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains information why the bundle is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"ModifiedStatus lists the state for each modified resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyStatus lists the state for each non-ready resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("p",null,"Partition defines a separate rollout strategy for a set of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"A user-friendly name given to the partition used for Display (optional)."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable in this partition before this partition is treated as done. default: 10%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"A cluster group name to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector matching cluster group labels to include in this partition"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("p",null,"PartitionStatus is the status of a single rollout partition."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null},"Count is the number of clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxUnavailable is the maximum number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"Unavailable is the number of unavailable clusters in the partition."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary state for the partition, calculated over its non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("p",null,"ResourceKey lists resources, which will likely be deployed."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s api kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the k8s api version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("p",null,"RolloverStrategy controls the rollout of the bundle across clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of clusters that can be unavailable during an update of a bundle. This follows the same basic approach as a deployment rollout strategy. Once the number of clusters meets unavailable state update will be paused. Default value is 100% which doesn't take effect on update. default: 100%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of cluster partitions that can be unavailable during an update of a bundle. default: 0"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null},"A number or percentage of how to automatically partition clusters if no specific partitioning strategy is configured. default: 25%"),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null},"A list of definitions of partitions. If any target clusters do not match the configuration they are added to partitions at the end following the autoPartitionSize."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#partition"},"Partition")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("p",null,"BundleDeployment is used internally by Fleet and should not be used directly. When a Bundle is deployed to a cluster an instance of a Bundle is called a BundleDeployment. A BundleDeployment represents the state of that Bundle on a specific cluster with its cluster-specific customizations. The Fleet agent is only aware of BundleDeployment resources that are created for the cluster the agent is managing."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ignore"),(0,l.kt)("td",{parentName:"tr",align:null},"IgnoreOptions can be used to ignore fields when monitoring the bundle."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#ignoreoptions"},"IgnoreOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceLabels are labels that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceAnnotations"),(0,l.kt)("td",{parentName:"tr",align:null},"NamespaceAnnotations are annotations that will be appended to the namespace created by Fleet."),(0,l.kt)("td",{parentName:"tr",align:null},"*map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentresource"},"BundleDeploymentResource"),(0,l.kt)("p",null,"BundleDeploymentResource contains the metadata of a deployed resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"createdAt"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. If true, BundleDeployments will be marked as out of sync when changes are detected."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedOptions are the deployment options, that are staged for the next deployment."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"StagedDeploymentID is the ID of the staged deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null},"Options are the deployment options, that are currently applied."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null},"DeploymentID is the ID of the currently applied deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundleref"},"BundleRef")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources lists the metadata of resources that were deployed according to the helm release history."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentresource"},"BundleDeploymentResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("p",null,"ComparePatch matches a resource and removes fields from the check for modifications."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the kind of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the apiVersion of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace is the namespace of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of the resource to match."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null},"Operations remove a JSON path from the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#operation"},"Operation")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null},"JSONPointers ignore diffs at a certain JSON path."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null},"ComparePatches match a resource and remove fields from the check for modifications."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("p",null,"HelmOptions for the deployment. For Helm-based bundles, all options can be used, otherwise some options are ignored. For example ReleaseName works with all bundle types."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disableDNS"),(0,l.kt)("td",{parentName:"tr",align:null},"DisableDNS can be used to customize Helm's EnableDNS option, which Fleet sets to ",(0,l.kt)("inlineCode",{parentName:"td"},"true")," by default."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"skipSchemaValidation"),(0,l.kt)("td",{parentName:"tr",align:null},"SkipSchemaValidation allows skipping schema validation against the chart values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"ignoreoptions"},"IgnoreOptions"),(0,l.kt)("p",null,"IgnoreOptions defines conditions to be ignored when monitoring the Bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions to be ignored when monitoring the Bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[]map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("p",null,"KustomizeOptions for a deployment."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null},"Dir points to a custom folder for kustomize resources. This folder must contain a kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of a resource in the same namespace as the referent."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("p",null,"ModifiedStatus is used to report the status of a resource that is modified. It indicates if the modification was a create, a delete or a patch."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("p",null,"NonReadyStatus is used to report the status of a resource that is not ready. It includes a summary."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("p",null,'Operation of a ComparePatch, usually \\"remove\\".'),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null},'Op is usually \\"remove\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null},"Path is the JSON path to remove."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null},"Value is usually empty."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("p",null,"YAMLOptions, if using raw YAML these are names that map to overlays/{name} files that will be used to replace or patch a resource."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null},'Overlays is a list of names that maps to folders in \\"overlays/\\". If you wish to customize the file ./subdir/resource.yaml then a file ./overlays/myoverlay/subdir/resource.yaml will replace the base file. A file named ./overlays/myoverlay/subdir/resource_patch.yaml will patch the base file.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("p",null,"BundleNamespaceMapping maps bundles to clusters in other namespaces."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSeen is the last time the agent checked in to update the status of the cluster resource."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the namespace of the agent deployment, e.g. \\"cattle-fleet-system\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNodes is the number of nodes that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes is the number of nodes that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyNode contains the names of non-ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyNodes contains the names of ready nodes. The list is limited to at most 3 names."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("p",null,"Cluster corresponds to a Kubernetes cluster. Fleet deploys bundles to targeted clusters. Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyNodes is a string in the form \\"%d/%d\\", that describes the number of nodes that are ready vs. the number of expected nodes.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null},"SampleNode is the name of one of the nodes that are ready. If no node is ready, it's the name of a node that is not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State of the cluster, either one of the bundle states, or \\"WaitCheckIn\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster. It can optionally contain a APIServerURL and CA to override the values in the fleet-controller's configmap."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecretNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecretNamespace is the namespace of the secret containing the kubeconfig for the downstream cluster. If unset, it will be assumed the secret can be found in the namespace that the Cluster object resides within."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]corev1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinity"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinity overrides the default affinity for the cluster's agent deployment. If this value is nil the default affinity is used."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.Affinity"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResources"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResources sets the resources for the cluster's agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.ResourceRequirements"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundledeployments. The resource counts are copied from the gitrepo resource."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts is an aggregate over the GitRepoResourceCounts."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyGitRepos is the number of gitrepos for this cluster that are ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyGitRepos is the number of gitrepos for this cluster that are desired to be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVarsHash is a hash of the agent's env vars, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentPrivateRepoURL is the private repo URL for the agent that is currently used."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentDeployedGeneration is the generation of the agent that is currently deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null},"CattleNamespaceMigrated is always set to true after importing a cluster. If false, it will trigger a migration. Old Fleet agents, don't have this in their status."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentAffinityHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentAffinityHash is a hash of the agent's affinity configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentResourcesHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentResourcesHash is a hash of the agent's resources configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerationsHash"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerationsHash is a hash of the agent's tolerations configuration, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentConfigChanged"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentConfigChanged is set to true if any of the agent configuration changed, like the API server URL or CA. Setting it to true will trigger a re-import of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerURL"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerURL is the currently used URL of the API server that the cluster uses to connect to upstream."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiServerCAHash"),(0,l.kt)("td",{parentName:"tr",align:null},"APIServerCAHash is a hash of the upstream API server CA, used to detect changes."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready bundles, nodes and a summary state."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentStatus contains information about the agent."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("p",null,"ClusterGroup is a re-usable selector to target a group of clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyClusters is a string in the form \\"%d/%d\\", that describes the number of clusters that are ready vs. the number of clusters desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundles is a string in the form \\"%d/%d\\", that describes the number of bundles that are ready vs. the number of bundles desired to be ready.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is a summary state for the cluster group, showing \\"NotReady\\" if there are non-ready resources.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null},"Selector is a label selector, used to select clusters for this group."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterCount is the number of clusters in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusterCount is the number of clusters that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"NonReadyClusters is a list of cluster names that are not ready."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of conditions and their statuses for the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary is a summary of the bundle deployments and their resources in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains the number of ready, desiredready clusters and a summary state for the bundle's resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles in the cluster group."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("p",null,"ClusterRegistration is used internally by Fleet and should not be used directly."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. The agent either uses the configured ID or the kubeSystem.UID."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientRandom is a random string that the agent generates. When fleet-controller grants a registration, it creates a registration secret with this string in the name."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterLabels are copied to the cluster resource during the registration."),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is only set after the registration is being processed by fleet-controller."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null},"Granted is set to true, if the request service account is present and its token secret exists. This happens directly before creating the registration secret, roles and rolebindings."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("p",null,"ClusterRegistrationToken is used by agents to register a new cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null},"TTL is the time to live for the token. It is used to calculate the expiration time. If the token expires, it will be deleted."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null},"Expires is the time when the token expires."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretName is the name of the secret containing the token."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("p",null,"Content is used internally by Fleet and should not be used directly. It contains the resources from a bundle for a specific target cluster."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null},"Content is a byte array, which contains the manifests of a bundle. The bundle resources are copied into the bundledeployment's content resource, so the downstream agent can deploy them."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"correctdrift"},"CorrectDrift"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"enabled"),(0,l.kt)("td",{parentName:"tr",align:null},"Enabled correct drift if true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force helm rollback with --force option will be used if true. This will try to recreate all resources in the release."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepFailHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepFailHistory keeps track of failed rollbacks in the helm history."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("p",null,"GitRepo describes a git repository that is watched by Fleet. The resource contains the necessary information to deploy the repo, or parts of it, to target clusters."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null},'ReadyBundleDeployments is a string in the form \\"%d/%d\\", that describes the number of ready bundledeployments over the total number of bundledeployments.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the GitRepo, e.g. \\"GitUpdating\\" or the maximal BundleState according to StateRank.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message contains the relevant message from the deployment conditions."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if a message is present."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("p",null,"GitRepoResource contains metadata about the resources of a bundle."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null},"APIVersion is the API version of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null},"Kind is the k8s kind of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null},'Type is the type of the resource, e.g. \\"apiextensions.k8s.io.customresourcedefinition\\" or \\"configmap\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null},'ID is the name of the resource, e.g. \\"namespace1/my-config\\" or \\"backingimagemanagers.storage.io\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Namespace of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null},"IncompleteState is true if a bundle summary has 10 or more non-ready resources or a non-ready resource has more 10 or more non-ready or modified states."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},'State is the state of the resource, e.g. \\"Unknown\\", \\"WaitApplied\\", \\"ErrApplied\\" or \\"Ready\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if any Error in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if any Transitioning in the PerClusterState is true."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message is the first message from the PerClusterStates."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null},"PerClusterState is a list of states for each cluster. Derived from the summaries non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("p",null,"GitRepoResourceCounts contains the number of resources in each state."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null},"Ready is the number of ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReady is the number of resources that should be ready."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitApplied is the number of resources that are waiting to be applied."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null},"Modified is the number of resources that have been modified."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null},"Orphaned is the number of orphaned resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null},"Missing is the number of missing resources."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null},"Unknown is the number of resources in an unknown state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null},"NotReady is the number of not ready resources. Resources are not ready if they do not match any other state."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the name of the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for a private Helm repository."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretNameForPaths"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretNameForPaths contains the auth secret for private Helm repository for each path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is supported, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default.'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused, when true, causes changes in Git not to be propagated down to the clusters but instead to mark resources as OutOfSync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of targets this repo will deploy to."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gittarget"},"GitTarget")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when a new image is scanned and written back to git repo."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"correctDrift"),(0,l.kt)("td",{parentName:"tr",align:null},"CorrectDrift specifies how drift correction should work."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#correctdrift"},"CorrectDrift")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ObservedGeneration is the current generation of the resource in the cluster. It is copied from k8s metadata.Generation. The value is incremented for all changes, except for changes to .metadata or .status."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit is the Git commit hash from the last gitjob run."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"ReadyClusters is the lowest number of clusters that are ready over all the bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null},"DesiredReadyClusters\\tis the number of clusters that should be ready for bundles of this GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null},'GitJobStatus is the status of the last GitJob run, e.g. \\"Current\\" if there was no error.'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null},"Summary contains the number of bundle deployments in each state and a list of non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null},"Display contains a human readable summary of the status."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null},"Conditions is a list of Wrangler conditions that describe the state of the GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contains metadata about the resources of each bundle."),(0,l.kt)("td",{parentName:"tr",align:null},"[","]",(0,l.kt)("a",{parentName:"td",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceCounts contains the number of resources in each state over all bundles."),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null},"ResourceErrors is a sorted list of errors from the resources."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastSyncedImageScanTime is the time of the last image scan."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("p",null,"GitTarget is a cluster or cluster group to deploy to."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null},"Name is the name of this target."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterName is the name of a cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterSelector is a label selector to select clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroup is the name of a cluster group in the same namespace as the clusters."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterGroupSelector is a label selector to select cluster groups."),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("p",null,"ResourcePerClusterState is generated for each non-ready resource of the bundles."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null},"State is the state of the resource."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null},"Error is true if the resource is in an error state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null},"Transitioning is true if the resource is in a transitioning state, copied from the bundle's summary for non-ready resources."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null},"Message combines the messages from the bundle's summary. Messages are joined with the delimiter ';'."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null},"Patch for modified resources."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null},"ClusterID is the id of the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("p",null,"GitRepoRestriction is a resource that can optionally be used to restrict the options of GitRepos in the same namespace."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultServiceAccount overrides the GitRepo's default service account."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedServiceAccounts is a list of service accounts that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedRepoPatterns is a list of regex patterns that restrict the valid values of the Repo field of a GitRepo."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultClientSecretName overrides the GitRepo's default client secret."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedClientSecretNames is a list of client secret names that GitRepos are allowed to use."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null},"AllowedTargetNamespaces restricts TargetNamespace to the given namespaces. If AllowedTargetNamespaces is set, TargetNamespace must be set."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/de69e49e.08d8f0f9.js b/assets/js/de69e49e.08d8f0f9.js new file mode 100644 index 000000000..20ed23656 --- /dev/null +++ b/assets/js/de69e49e.08d8f0f9.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[9706],{3905:(e,t,n)=>{n.d(t,{Zo:()=>s,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var c=r.createContext({}),p=function(e){var t=r.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},s=function(e){var t=p(e.components);return r.createElement(c.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},f=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,s=i(e,["components","mdxType","originalType","parentName"]),f=p(n),d=l,m=f["".concat(c,".").concat(d)]||f[d]||u[d]||a;return n?r.createElement(m,o(o({ref:t},s),{},{components:n})):r.createElement(m,o({ref:t},s))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=f;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>p});var r=n(7462),l=(n(7294),n(3905));const a={title:"",sidebar_label:"fleet cleanup"},o=void 0,i={unversionedId:"cli/fleet-cli/fleet_cleanup",id:"version-0.9/cli/fleet-cli/fleet_cleanup",title:"",description:"fleet cleanup",source:"@site/versioned_docs/version-0.9/cli/fleet-cli/fleet_cleanup.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_cleanup",permalink:"/0.9/cli/fleet-cli/fleet_cleanup",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-cli/fleet_cleanup.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet cleanup"}},c={},p=[{value:"fleet cleanup",id:"fleet-cleanup",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],s={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},s,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-cleanup"},"fleet cleanup"),(0,l.kt)("p",null,"Clean up outdated cluster registrations"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet cleanup [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --factor string Factor to increase delay between deletes (default: 1.1)\n -h, --help help for cleanup\n --max string Maximum delay between deletes (default: 5s)\n --min string Minimum delay between deletes (default: 10ms)\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/dfa3dc49.6805eef0.js b/assets/js/dfa3dc49.15ac5677.js similarity index 99% rename from assets/js/dfa3dc49.6805eef0.js rename to assets/js/dfa3dc49.15ac5677.js index 0b065cd86..a5690c5c5 100644 --- a/assets/js/dfa3dc49.6805eef0.js +++ b/assets/js/dfa3dc49.15ac5677.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[599],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},4757:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/docs/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/tut-deployment.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Uninstall",permalink:"/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>T});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),i=a(1980),u=a(7392),m=a(12);function p(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function c(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??p(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function d(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,i._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=c(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[i,u]=d({queryString:a,groupId:l}),[p,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,m.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),y=(()=>{const e=i??p;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{y&&o(y)}),[y]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var y=a(2389);const k="tabList__CuJ",g="tabItem_LNqP";function b(e){let{className:t,block:a,selectedValue:o,selectValue:i,tabValues:u}=e;const m=[],{blockElementScrollPositionUntilNextRender:p}=(0,s.o5)(),c=e=>{const t=e.currentTarget,a=m.indexOf(t),l=u[a].value;l!==o&&(p(t),i(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":c(e);break;case"ArrowRight":{const t=m.indexOf(e.currentTarget)+1;a=m[t]??m[0];break}case"ArrowLeft":{const t=m.indexOf(e.currentTarget)-1;a=m[t]??m[m.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>m.push(e),onKeyDown:h,onClick:c},s,{className:(0,r.Z)("tabs__item",g,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function v(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(b,(0,l.Z)({},e,t)),n.createElement(v,(0,l.Z)({},e,t)))}function T(e){const t=(0,y.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},4757:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>u,default:()=>d,frontMatter:()=>i,metadata:()=>m,toc:()=>c});var l=a(7462),n=(a(7294),a(3905)),r=a(814),s=a(4866),o=a(5162);const i={},u="Creating a Deployment",m={unversionedId:"tut-deployment",id:"tut-deployment",title:"Creating a Deployment",description:"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it.",source:"@site/docs/tut-deployment.md",sourceDirName:".",slug:"/tut-deployment",permalink:"/tut-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/tut-deployment.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Quick Start",permalink:"/quickstart"},next:{title:"Uninstall",permalink:"/uninstall"}},p={},c=[{value:"Single-Cluster Examples",id:"single-cluster-examples",level:2},{value:"Multi-Cluster Examples",id:"multi-cluster-examples",level:2}],h={toc:c};function d(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"creating-a-deployment"},"Creating a Deployment"),(0,n.kt)("p",null,"To deploy workloads onto downstream clusters, first create a Git repo, then create a GitRepo resource and apply it."),(0,n.kt)("p",null,"This tutorial uses the ",(0,n.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples"},"fleet-examples")," repository."),(0,n.kt)("admonition",{type:"note"},(0,n.kt)("p",{parentName:"admonition"},"For more details on how to structure the repository and configure the deployment of each bundle see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-content"},"GitRepo Contents"),".\nFor more details on the options that are available per Git repository see ",(0,n.kt)("a",{parentName:"p",href:"/gitrepo-add"},"Adding a GitRepo"),".")),(0,n.kt)("h2",{id:"single-cluster-examples"},"Single-Cluster Examples"),(0,n.kt)("p",null,"All examples will deploy content to clusters with no per-cluster customizations. This is a good starting point to understand the basics of structuring Git repos for Fleet."),(0,n.kt)(s.Z,{groupId:"examples",mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm",default:!0,mdxType:"TabItem"},(0,n.kt)("p",null,"An example using Helm. We are deploying the ",(0,n.kt)("a",{href:"https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm"},"helm example")," to the local cluster."),(0,n.kt)("p",null,"The repository contains a helm chart and an optional ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to configure the deployment:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="fleet.yaml"',title:'"fleet.yaml"'},'namespace: fleet-helm-example\n\n# Custom helm options\nhelm:\n # The release name to use. If empty a generated release name will be used\n releaseName: guestbook\n\n # The directory of the chart in the repo. Also any valid go-getter supported\n # URL can be used there is specify where to download the chart from.\n # If repo below is set this value if the chart name in the repo\n chart: ""\n\n # An https to a valid Helm repository to download the chart from\n repo: ""\n\n # Used if repo is set to look up the version of the chart\n version: ""\n\n # Force recreate resource that can not be updated\n force: false\n\n # How long for helm to wait for the release to be active. If the value\n # is less that or equal to zero, we will not wait in Helm\n timeoutSeconds: 0\n\n # Custom values that will be passed as values.yaml to the installation\n values:\n replicas: 2\n')),(0,n.kt)("p",null,"To create the deployment, we apply the custom resource to the upstream cluster. The ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace contains the local cluster resource. The local fleet-agent will create the deployment in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-helm-example")," namespace."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl apply -n fleet-local -f - <{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6418],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.5/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.5/index.md",sourceDirName:".",slug:"/",permalink:"/0.5/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/index.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.5/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(9225).Z,width:"969",height:"775"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users have a high degree of control, consistency, and auditability."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},9225:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/arch-1c6cd25727f6427c62add813758335a8.png"}}]); \ No newline at end of file diff --git a/assets/js/e252aa27.87801736.js b/assets/js/e252aa27.44bf2fa3.js similarity index 97% rename from assets/js/e252aa27.87801736.js rename to assets/js/e252aa27.44bf2fa3.js index 2a24f50b0..4ddfda3b2 100644 --- a/assets/js/e252aa27.87801736.js +++ b/assets/js/e252aa27.44bf2fa3.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5854],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,i=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=r,k=d["".concat(l,".").concat(m)]||d[m]||p[m]||i;return n?a.createElement(k,o(o({ref:t},u),{},{components:n})):a.createElement(k,o({ref:t},u))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var i=n.length,o=new Array(i);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,o[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const i={},o="Cluster Registration Tokens",s={unversionedId:"cluster-tokens",id:"version-0.5/cluster-tokens",title:"Cluster Registration Tokens",description:"Not needed for Manager initiated registration:",source:"@site/versioned_docs/version-0.5/cluster-tokens.md",sourceDirName:".",slug:"/cluster-tokens",permalink:"/0.5/cluster-tokens",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/cluster-tokens.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/cluster-overview"},next:{title:"Agent Initiated",permalink:"/0.5/agent-initiated"}},l={},c=[{value:"Token TTL",id:"token-ttl",level:2},{value:"Create a new Token",id:"create-a-new-token",level:2},{value:"Obtaining Token Value (Agent values.yaml)",id:"obtaining-token-value-agent-valuesyaml",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"cluster-registration-tokens"},"Cluster Registration Tokens"),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("strong",{parentName:"p"},"Not needed for Manager initiated registration"),":\nFor manager initiated registrations the token is managed by the Fleet manager and does\nnot need to be manually created and obtained.")),(0,r.kt)("p",null,"For an agent initiated registration the downstream cluster must have a cluster registration token.\nCluster registration tokens are used to establish a new identity for a cluster. Internally\ncluster registration tokens are managed by creating Kubernetes service accounts that have the\npermissions to create ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationRequests")," within a specific namespace. Once the\ncluster is registered a new ",(0,r.kt)("inlineCode",{parentName:"p"},"ServiceAccount")," is created for that cluster that is used as\nthe unique identity of the cluster. The agent is designed to forget the cluster registration\ntoken after registration. While the agent will not maintain a reference to the cluster registration\ntoken after a successful registration please note that usually other system bootstrap scripts do."),(0,r.kt)("p",null,"Since the cluster registration token is forgotten, if you need to re-register a cluster you must\ngive the cluster a new registration token."),(0,r.kt)("h2",{id:"token-ttl"},"Token TTL"),(0,r.kt)("p",null,"Cluster registration tokens can be reused by any cluster in a namespace. The tokens can be given a TTL\nsuch that it will expire after a specific time."),(0,r.kt)("h2",{id:"create-a-new-token"},"Create a new Token"),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistationToken")," is a namespaced type and should be created in the same namespace\nin which you will create ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," and ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resources. For in depth details on how namespaces\nare used in Fleet refer to the documentation on ",(0,r.kt)("a",{parentName:"p",href:"/0.5/namespaces"},"namespaces"),". Create a new\ntoken with the below YAML."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: ClusterRegistrationToken\napiVersion: "fleet.cattle.io/v1alpha1"\nmetadata:\n name: new-token\n namespace: clusters\nspec:\n # A duration string for how long this token is valid for. A value <= 0 or null means infinite time.\n ttl: 240h\n')),(0,r.kt)("p",null,"After the ",(0,r.kt)("inlineCode",{parentName:"p"},"ClusterRegistrationToken")," is created, Fleet will create a corresponding ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," with the same name.\nAs the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," creation is performed asynchronously, you will need to wait until it's available before using it."),(0,r.kt)("p",null,"One way to do so is via the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"while ! kubectl --namespace=clusters get secret new-token; do sleep 5; done\n")),(0,r.kt)("h2",{id:"obtaining-token-value-agent-valuesyaml"},"Obtaining Token Value (Agent values.yaml)"),(0,r.kt)("p",null,"The token value contains YAML content for a ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that is expected to be passed to ",(0,r.kt)("inlineCode",{parentName:"p"},"helm install"),"\nto install the Fleet agent on a downstream cluster."),(0,r.kt)("p",null,"Such value is contained in the ",(0,r.kt)("inlineCode",{parentName:"p"},"values")," field of the ",(0,r.kt)("inlineCode",{parentName:"p"},"Secret")," mentioned above. To obtain the YAML content for the\nabove example one can run the following one-liner:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl --namespace clusters get secret new-token -o 'jsonpath={.data.values}' | base64 --decode > values.yaml\n")),(0,r.kt)("p",null,"Once the ",(0,r.kt)("inlineCode",{parentName:"p"},"values.yaml")," is ready it can be used repeatedly by clusters to register until the TTL expires."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e348fb9e.a6987daf.js b/assets/js/e348fb9e.3d43ae6a.js similarity index 95% rename from assets/js/e348fb9e.a6987daf.js rename to assets/js/e348fb9e.3d43ae6a.js index d4c99dc0f..4f3549c33 100644 --- a/assets/js/e348fb9e.a6987daf.js +++ b/assets/js/e348fb9e.3d43ae6a.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6645],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.7/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.7/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.7/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/troubleshooting.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/0.7/ref-bundle"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.7/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6645],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),p=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},c=function(e){var t=p(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),h=p(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},c),{},{components:n})):o.createElement(m,r({ref:t},c))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var p=2;p{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.7/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.7/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.7/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/troubleshooting.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Bundle Resource",permalink:"/0.7/ref-bundle"}},s={},p=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Fetch detailed status from GitRepos and Bundles?",id:"fetch-detailed-status-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Agent is no longer registered",id:"agent-is-no-longer-registered",level:3},{value:"Nested GitRepo CRs",id:"nested-gitrepo-crs",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],c={toc:p};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled."),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"fetch-detailed-status-from-gitrepos-and-bundles"},"Fetch detailed status from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"For debugging and bug reports the raw JSON of the resources status fields is most useful.\nThis can be accessed in the Rancher UI, or through ",(0,a.kt)("inlineCode",{parentName:"p"},"kubectl"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl get bundle -n fleet-local fleet-agent-local -o=jsonpath={.status}\nkubectl get gitrepo -n fleet-default gitrepo-name -o=jsonpath={.status}\n")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo."),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu"),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown"),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.7/ref-fleet-yaml"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority"\n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm:\n releaseName: \n repo: \n chart: \ndiff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations"\n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.7/bundle-diffs"},"bundle diffs documentation")," for more information.")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"agent-is-no-longer-registered"},"Agent is no longer registered"),(0,a.kt)("p",null,"You can force a redeployment of an agent for a given cluster by setting ",(0,a.kt)("inlineCode",{parentName:"p"},"redeployAgentGeneration"),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},'kubectl patch clusters.fleet.cattle.io -n fleet-local local --type=json -p \'[{"op": "add", "path": "/spec/redeployAgentGeneration", "value": -1}]\'\n')),(0,a.kt)("h3",{id:"nested-gitrepo-crs"},"Nested GitRepo CRs"),(0,a.kt)("p",null,"Managing Fleet within Fleet (nested ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," usage) is not currently supported. We will update the documentation if support becomes available."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e35f16a8.58d512c4.js b/assets/js/e35f16a8.c7bf3f03.js similarity index 96% rename from assets/js/e35f16a8.58d512c4.js rename to assets/js/e35f16a8.c7bf3f03.js index bc93701ca..2b40b276e 100644 --- a/assets/js/e35f16a8.58d512c4.js +++ b/assets/js/e35f16a8.c7bf3f03.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2952],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.7/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.7/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.7/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.7/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2952],{3905:(e,t,r)=>{r.d(t,{Zo:()=>f,kt:()=>d});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var c=n.createContext({}),s=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},f=function(e){var t=s(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},u=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,a=e.originalType,c=e.parentName,f=i(e,["components","mdxType","originalType","parentName"]),u=s(r),d=l,m=u["".concat(c,".").concat(d)]||u[d]||p[d]||a;return r?n.createElement(m,o(o({ref:t},f),{},{components:r})):n.createElement(m,o({ref:t},f))}));function d(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=r.length,o=new Array(a);o[0]=u;var i={};for(var c in t)hasOwnProperty.call(t,c)&&(i[c]=t[c]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var s=2;s{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>i,toc:()=>s});var n=r(7462),l=(r(7294),r(3905));const a={title:"",sidebar_label:"fleet-manager"},o=void 0,i={unversionedId:"cli/fleet-controller/fleet-manager",id:"version-0.7/cli/fleet-controller/fleet-manager",title:"",description:"fleet-manager",source:"@site/versioned_docs/version-0.7/cli/fleet-controller/fleet-manager.md",sourceDirName:"cli/fleet-controller",slug:"/cli/fleet-controller/fleet-manager",permalink:"/0.7/cli/fleet-controller/fleet-manager",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/cli/fleet-controller/fleet-manager.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet-manager"},sidebar:"docs",previous:{title:"fleet test",permalink:"/0.7/cli/fleet-cli/fleet_test"},next:{title:"Cluster and Bundle State",permalink:"/0.7/cluster-bundles-state"}},c={},s=[{value:"fleet-manager",id:"fleet-manager",level:2},{value:"Options",id:"options",level:3}],f={toc:s};function p(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},f,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-manager"},"fleet-manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet-manager [flags]\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n --disable-bootstrap disable agent on local cluster\n --disable-gitops disable gitops components\n -h, --help help for fleet-manager\n --kubeconfig string Kubeconfig file\n --namespace string namespace to watch (default "cattle-fleet-system")\n')))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e3aa6547.088851d9.js b/assets/js/e3aa6547.770a24b9.js similarity index 97% rename from assets/js/e3aa6547.088851d9.js rename to assets/js/e3aa6547.770a24b9.js index 7d753dd47..64f062c8d 100644 --- a/assets/js/e3aa6547.088851d9.js +++ b/assets/js/e3aa6547.770a24b9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1462],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var l=a.createContext({}),c=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=c(e.components);return a.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,l=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=c(n),u=r,g=d["".concat(l,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const o={},i="Image scan",s={unversionedId:"imagescan",id:"version-0.4/imagescan",title:"Image scan",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.4/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.4/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/imagescan.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Webhook",permalink:"/0.4/webhook"},next:{title:"Cluster and Bundle state",permalink:"/0.4/cluster-bundles-state"}},l={},c=[],m={toc:c};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"image-scan"},"Image scan"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e431d4ee.b73b13a8.js b/assets/js/e431d4ee.579a2d54.js similarity index 99% rename from assets/js/e431d4ee.b73b13a8.js rename to assets/js/e431d4ee.579a2d54.js index 671e568f1..4abef0491 100644 --- a/assets/js/e431d4ee.b73b13a8.js +++ b/assets/js/e431d4ee.579a2d54.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[295],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4623:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.7/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.7/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.7/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/installation.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.7/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.7/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[295],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>A});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),i=a(6550),o=a(1980),u=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,u.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function m(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function h(e){let{queryString:t=!1,groupId:a}=e;const l=(0,i.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,o._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,i]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!m({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[o,u]=h({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),g=(()=>{const e=o??d;return m({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{g&&i(g)}),[g]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!m({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);i(e),u(e),f(e)}),[u,f,r]),tabValues:r}}var g=a(2389);const k="tabList__CuJ",b="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:i,selectValue:o,tabValues:u}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=u[a].value;l!==i&&(d(t),o(l))},m=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},u.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:i===t?0:-1,"aria-selected":i===t,key:t,ref:e=>c.push(e),onKeyDown:m,onClick:p},s,{className:(0,r.Z)("tabs__item",b,null==s?void 0:s.className,{"tabs__item--active":i===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",k)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function A(e){const t=(0,g.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},4623:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>p,contentTitle:()=>c,default:()=>f,frontMatter:()=>u,metadata:()=>d,toc:()=>m});var l=a(7462),n=(a(7294),a(3905)),r=a(6828),s=a(814),i=a(4866),o=a(5162);const u={},c="Installation Details",d={unversionedId:"installation",id:"version-0.7/installation",title:"Installation Details",description:"The installation is broken up into two different use cases: single and multi-cluster.",source:"@site/versioned_docs/version-0.7/installation.md",sourceDirName:".",slug:"/installation",permalink:"/0.7/installation",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/installation.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Custom Resources",permalink:"/0.7/ref-resources"},next:{title:"Register Downstream Clusters",permalink:"/0.7/cluster-registration"}},p={},m=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Default Install",id:"default-install",level:2},{value:"Configuration for Multi-Cluster",id:"configuration-for-multi-cluster",level:2},{value:"API Server URL and CA certificate",id:"api-server-url-and-ca-certificate",level:3},{value:"Extract CA certificate",id:"extract-ca-certificate",level:4},{value:"Extract API Server",id:"extract-api-server",level:4},{value:"Validate",id:"validate",level:4},{value:"Install for Multi-Cluster",id:"install-for-multi-cluster",level:3}],h={toc:m};function f(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"installation-details"},"Installation Details"),(0,n.kt)("p",null,"The installation is broken up into two different use cases: single and multi-cluster.\nThe single cluster install is for if you wish to use GitOps to manage a single cluster,\nin which case you do not need a centralized manager cluster. In the multi-cluster use case\nyou will setup a centralized manager cluster to which you can register clusters."),(0,n.kt)("p",null,"If you are just learning Fleet the single cluster install is the recommended starting\npoint. After which you can move from single cluster to multi-cluster setup down the line."),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Single-cluster is the default installation. The same cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"helm",label:"Helm 3",default:!0,mdxType:"TabItem"},"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is fairly straight forward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)(o.Z,{value:"kubernetes",label:"Kubernetes",default:!0,mdxType:"TabItem"},"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the single cluster use case you will install Fleet to the cluster which you intend to manage with GitOps. Any Kubernetes community supported version of Kubernetes will work, in practice this means ",r.d.next.kubernetes," or greater.")),(0,n.kt)("h2",{id:"default-install"},"Default Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install",label:"Install",default:!0,mdxType:"TabItem"},(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)("p",null,"First add Fleet's Helm repository."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd"),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet")),(0,n.kt)(o.Z,{value:"verify",label:"Verify",mdxType:"TabItem"},(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."),(0,n.kt)("h2",{id:"configuration-for-multi-cluster"},"Configuration for Multi-Cluster"),(0,n.kt)("admonition",{type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Downstream clusters in Rancher are automatically registered in Fleet. Users can access Fleet under ",(0,n.kt)("inlineCode",{parentName:"p"},"Continuous Delivery")," on Rancher."),(0,n.kt)("p",{parentName:"admonition"},"The multi-cluster install described below is ",(0,n.kt)("strong",{parentName:"p"},"only")," covered in standalone Fleet, which is untested by Rancher QA.")),(0,n.kt)("admonition",{type:"info"},(0,n.kt)("p",{parentName:"admonition"},"The setup is the same as for a single cluster.\nAfter installing the Fleet manager, you will then need to register remote downstream clusters with the Fleet manager."),(0,n.kt)("p",{parentName:"admonition"},"However, to allow for ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#manager-initiated"},"manager-initiated registration")," of downstream clusters, a few extra settings are required. Without the API server URL and the CA, only ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration#agent-initiated"},"agent-initiated registration")," of downstream clusters is possible.")),(0,n.kt)("h3",{id:"api-server-url-and-ca-certificate"},"API Server URL and CA certificate"),(0,n.kt)("p",null,"In order for your Fleet management installation to properly work it is important\nthe correct API server URL and CA certificates are configured properly. The Fleet agents\nwill communicate to the Kubernetes API server URL. This means the Kubernetes\nAPI server must be accessible to the downstream clusters. You will also need\nto obtain the CA certificate of the API server. The easiest way to obtain this information\nis typically from your kubeconfig file (",(0,n.kt)("inlineCode",{parentName:"p"},"$HOME/.kube/config"),"). The ",(0,n.kt)("inlineCode",{parentName:"p"},"server"),",\n",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data"),", or ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority")," fields will have these values."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-yaml",metastring:'title="$HOME/.kube/config"',title:'"$HOME/.kube/config"'},"apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTi...\n server: https://example.com:6443\n")),(0,n.kt)("h4",{id:"extract-ca-certificate"},"Extract CA certificate"),(0,n.kt)("p",null,"Please note that the ",(0,n.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," field is base64 encoded and will need to be\ndecoded before you save it into a file. This can be done by saving the base64 encoded contents to\na file and then running"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"base64 -d encoded-file > ca.pem\n")),(0,n.kt)("p",null,"Next, retrieve the CA certificate from your kubeconfig."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"extractca",label:"Extract First",mdxType:"TabItem"},"If you have `jq` and `base64` available then this one-liners will pull all CA certificates from your `KUBECONFIG` and place then in a file named `ca.pem`.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl config view -o json --raw | jq -r '.clusters[].cluster[\"certificate-authority-data\"]' | base64 -d > ca.pem\n"))),(0,n.kt)(o.Z,{value:"extractcas",label:"Multiple Entries",mdxType:"TabItem"},"Or, if you have a multi-cluster setup, you can use this command:",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nkubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTERNAME").cluster["certificate-authority-data"]\' | base64 -d > ca.pem\n')))),(0,n.kt)("h4",{id:"extract-api-server"},"Extract API Server"),(0,n.kt)("p",null,"If you have a multi-cluster setup, you can use this command:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'# replace CLUSTERNAME with the name of the cluster according to your KUBECONFIG\nAPI_SERVER_URL=$(kubectl config view -o json --raw | jq -r \'.clusters[] | select(.name=="CLUSTER").cluster["server"]\')\n# Leave empty if your API server is signed by a well known CA\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("h4",{id:"validate"},"Validate"),(0,n.kt)("p",null,"First validate the server URL is correct."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fLk "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"The output of this command should be JSON with the version of the Kubernetes server or a ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," error.\nIf you do not get either of these results than please ensure you have the correct URL. The API server port is typically\n6443 for Kubernetes."),(0,n.kt)("p",null,"Next validate that the CA certificate is proper by running the below command. If your API server is signed by a\nwell known CA then omit the ",(0,n.kt)("inlineCode",{parentName:"p"},'--cacert "$API_SERVER_CA"')," part of the command."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'curl -fL --cacert "$API_SERVER_CA" "$API_SERVER_URL/version"\n')),(0,n.kt)("p",null,"If you get a valid JSON response or an ",(0,n.kt)("inlineCode",{parentName:"p"},"401 Unauthorized")," then it worked. The Unauthorized error is\nonly because the curl command is not setting proper credentials, but this validates that the TLS\nconnection work and the ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is correct for this URL. If you get a ",(0,n.kt)("inlineCode",{parentName:"p"},"SSL certificate problem")," then\nthe ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," is not correct. The contents of the ",(0,n.kt)("inlineCode",{parentName:"p"},"$API_SERVER_CA")," file should look similar to the below:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-pem",metastring:'title="ca.pem"',title:'"ca.pem"'},"-----BEGIN CERTIFICATE-----\nMIIBVjCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2\nZXItY2FAMTU5ODM5MDQ0NzAeFw0yMDA4MjUyMTIwNDdaFw0zMDA4MjMyMTIwNDda\nMCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODM5MDQ0NzBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDXlQNkXnwUPdbSgGz5Rk6U9ldGFjF6y1YyF36cNGk4E\n0lMgNcVVD9gKuUSXEJk8tzHz3ra/+yTwSL5xQeLHBl+jIzAhMA4GA1UdDwEB/wQE\nAwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIFMtZ5gGDoDs\nciRyve+T4xbRNVHES39tjjup/LuN4tAgAiAteeB3jgpTMpZyZcOOHl9gpZ8PgEcN\nKDs/pb3fnMTtpA==\n-----END CERTIFICATE-----\n")),(0,n.kt)("h3",{id:"install-for-multi-cluster"},"Install for Multi-Cluster"),(0,n.kt)("p",null,"In the following example it will be assumed the API server URL from the ",(0,n.kt)("inlineCode",{parentName:"p"},"KUBECONFIG")," which is ",(0,n.kt)("inlineCode",{parentName:"p"},"https://example.com:6443"),"\nand the CA certificate is in the file ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem"),". If your API server URL is signed by a well-known CA you can\nomit the ",(0,n.kt)("inlineCode",{parentName:"p"},"apiServerCA")," parameter below or just create an empty ",(0,n.kt)("inlineCode",{parentName:"p"},"ca.pem")," file (ie ",(0,n.kt)("inlineCode",{parentName:"p"},"touch ca.pem"),")."),(0,n.kt)("p",null,"Setup the environment with your specific values, e.g.:"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},'API_SERVER_URL="https://example.com:6443"\nAPI_SERVER_CA="ca.pem"\n')),(0,n.kt)("p",null,"Once you have validated the API server URL and API server CA parameters, install the following two\nHelm charts."),(0,n.kt)(i.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"install2",label:"Install",default:!0,mdxType:"TabItem"},"First add Fleet's Helm repository.",(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm repo add fleet https://rancher.github.io/fleet-helm-charts/"),(0,n.kt)("p",null,"Second install the Fleet CustomResourcesDefintions."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",r.d.next.fleetCRD),(0,n.kt)("p",null,"Third install the Fleet controllers."),(0,n.kt)(s.Z,{language:"bash",mdxType:"CodeBlock"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set apiServerURL="$API_SERVER_URL" \\\n --set-file apiServerCA="$API_SERVER_CA" \\\n fleet'," ",r.d.next.fleet)),(0,n.kt)(o.Z,{value:"verifiy2",label:"Verify",mdxType:"TabItem"},"Fleet should be ready to use. You can check the status of the Fleet controller pods by running the below commands.",(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")))),(0,n.kt)("p",null,"At this point the Fleet manager should be ready. You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.7/cluster-registration"},"register clusters")," and ",(0,n.kt)("a",{parentName:"p",href:"/0.7/gitrepo-add#create-gitrepo-instance"},"git repos")," with\nthe Fleet manager."))}f.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/e483f3c9.0fe10853.js b/assets/js/e483f3c9.0fe10853.js new file mode 100644 index 000000000..98fbd071d --- /dev/null +++ b/assets/js/e483f3c9.0fe10853.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[614],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||o;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,l=new Array(o);l[0]=m;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,l[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},l="Core Concepts",s={unversionedId:"concepts",id:"version-0.9/concepts",title:"Core Concepts",description:"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers",source:"@site/versioned_docs/version-0.9/concepts.md",sourceDirName:".",slug:"/concepts",permalink:"/0.9/concepts",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/concepts.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Architecture",permalink:"/0.9/architecture"},next:{title:"Bundle Lifecycle",permalink:"/0.9/ref-bundle-stages"}},i={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"core-concepts"},"Core Concepts"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes custom resource definitions (CRDs) and controllers\nto manage GitOps for a single Kubernetes cluster or a large-scale deployment of Kubernetes clusters."),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},"For more on the naming conventions of CRDs, click ",(0,a.kt)("a",{parentName:"p",href:"/0.9/troubleshooting#naming-conventions-for-crds"},"here"),".")),(0,a.kt)("p",null,"Below are some of the concepts of Fleet that will be useful throughout this documentation:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet Manager"),": The centralized component that orchestrates the deployments of Kubernetes assets\nfrom git. In a multi-cluster setup, this will typically be a dedicated Kubernetes cluster. In a\nsingle cluster setup, the Fleet manager will be running on the same cluster you are managing with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet controller"),": The controller(s) running on the Fleet manager orchestrating GitOps. In practice,\nthe Fleet manager and Fleet controllers are used fairly interchangeably."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Single Cluster Style"),": This is a style of installing Fleet in which the manager and downstream cluster are the\nsame cluster. This is a very simple pattern to quickly get up and running with GitOps."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Multi Cluster Style"),": This is a style of running Fleet in which you have a central manager that manages a large\nnumber of downstream clusters."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"Fleet agent"),": Every managed downstream cluster will run an agent that communicates back to the Fleet manager.\nThis agent is just another set of Kubernetes controllers running in the downstream cluster."),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("strong",{parentName:"li"},"GitRepo"),": Git repositories that are watched by Fleet are represented by the type ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),".")),(0,a.kt)("blockquote",null,(0,a.kt)("p",{parentName:"blockquote"},(0,a.kt)("strong",{parentName:"p"},"Example installation order via ",(0,a.kt)("inlineCode",{parentName:"strong"},"GitRepo")," custom resources when using Fleet for the configuration management of downstream clusters:")),(0,a.kt)("ol",{parentName:"blockquote"},(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/projectcalico/calico"},"Calico")," CRDs and controllers."),(0,a.kt)("li",{parentName:"ol"},"Set one or multiple cluster-level global network policies."),(0,a.kt)("li",{parentName:"ol"},"Install ",(0,a.kt)("a",{parentName:"li",href:"https://github.com/open-policy-agent/gatekeeper"},"GateKeeper"),". Note that ",(0,a.kt)("strong",{parentName:"li"},"cluster labels")," and ",(0,a.kt)("strong",{parentName:"li"},"overlays")," are critical features in Fleet as they determine which clusters will get each part of the bundle."),(0,a.kt)("li",{parentName:"ol"},"Set up and configure ingress and system daemons."))),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Bundle"),": An internal unit used for the orchestration of resources from git.\nWhen a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is scanned it will produce one or more bundles. Bundles are a collection of\nresources that get deployed to a cluster. ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is the fundamental deployment unit used in Fleet. The\ncontents of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," may be Kubernetes manifests, Kustomize configuration, or Helm charts.\nRegardless of the source the contents are dynamically rendered into a Helm chart by the agent\nand installed into the downstream cluster as a helm release."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"To see the ",(0,a.kt)("strong",{parentName:"li"},"life cycle of a bundle"),", click ",(0,a.kt)("a",{parentName:"li",href:"/0.9/ref-bundle-stages"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"BundleDeployment"),": When a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is deployed to a cluster an instance of a ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," is called a ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment"),".\nA ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," represents the state of that ",(0,a.kt)("inlineCode",{parentName:"p"},"Bundle")," on a specific cluster with its cluster specific\ncustomizations. The Fleet agent is only aware of ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," resources that are created for\nthe cluster the agent is managing."),(0,a.kt)("ul",{parentName:"li"},(0,a.kt)("li",{parentName:"ul"},"For an example of how to deploy Kubernetes manifests across clusters using Fleet customization, click ",(0,a.kt)("a",{parentName:"li",href:"/0.9/gitrepo-targets#customization-per-cluster"},"here"),"."))),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Downstream Cluster"),": Clusters to which Fleet deploys manifests are referred to as downstream clusters. In the single cluster use case, the Fleet manager Kubernetes cluster is both the manager and downstream cluster at the same time.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster Registration Token"),": Tokens used by agents to register a new cluster."))))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e4b5e952.e07d35ea.js b/assets/js/e4b5e952.e07d35ea.js new file mode 100644 index 000000000..42e2c487d --- /dev/null +++ b/assets/js/e4b5e952.e07d35ea.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1830],{5162:(e,t,a)=>{a.d(t,{Z:()=>s});var l=a(7294),n=a(6010);const r="tabItem_Ymn6";function s(e){let{children:t,hidden:a,className:s}=e;return l.createElement("div",{role:"tabpanel",className:(0,n.Z)(r,s),hidden:a},t)}},4866:(e,t,a)=>{a.d(t,{Z:()=>E});var l=a(7462),n=a(7294),r=a(6010),s=a(2466),o=a(6550),u=a(1980),i=a(7392),c=a(12);function d(e){return function(e){return n.Children.map(e,(e=>{if((0,n.isValidElement)(e)&&"value"in e.props)return e;throw new Error(`Docusaurus error: Bad child <${"string"==typeof e.type?e.type:e.type.name}>: all children of the component should be , and every should have a unique "value" prop.`)}))}(e).map((e=>{let{props:{value:t,label:a,attributes:l,default:n}}=e;return{value:t,label:a,attributes:l,default:n}}))}function p(e){const{values:t,children:a}=e;return(0,n.useMemo)((()=>{const e=t??d(a);return function(e){const t=(0,i.l)(e,((e,t)=>e.value===t.value));if(t.length>0)throw new Error(`Docusaurus error: Duplicate values "${t.map((e=>e.value)).join(", ")}" found in . Every value needs to be unique.`)}(e),e}),[t,a])}function h(e){let{value:t,tabValues:a}=e;return a.some((e=>e.value===t))}function m(e){let{queryString:t=!1,groupId:a}=e;const l=(0,o.k6)(),r=function(e){let{queryString:t=!1,groupId:a}=e;if("string"==typeof t)return t;if(!1===t)return null;if(!0===t&&!a)throw new Error('Docusaurus error: The component groupId prop is required if queryString=true, because this value is used as the search param name. You can also provide an explicit value such as queryString="my-search-param".');return a??null}({queryString:t,groupId:a});return[(0,u._X)(r),(0,n.useCallback)((e=>{if(!r)return;const t=new URLSearchParams(l.location.search);t.set(r,e),l.replace({...l.location,search:t.toString()})}),[r,l])]}function f(e){const{defaultValue:t,queryString:a=!1,groupId:l}=e,r=p(e),[s,o]=(0,n.useState)((()=>function(e){let{defaultValue:t,tabValues:a}=e;if(0===a.length)throw new Error("Docusaurus error: the component requires at least one children component");if(t){if(!h({value:t,tabValues:a}))throw new Error(`Docusaurus error: The has a defaultValue "${t}" but none of its children has the corresponding value. Available values are: ${a.map((e=>e.value)).join(", ")}. If you intend to show no default tab, use defaultValue={null} instead.`);return t}const l=a.find((e=>e.default))??a[0];if(!l)throw new Error("Unexpected error: 0 tabValues");return l.value}({defaultValue:t,tabValues:r}))),[u,i]=m({queryString:a,groupId:l}),[d,f]=function(e){let{groupId:t}=e;const a=function(e){return e?`docusaurus.tab.${e}`:null}(t),[l,r]=(0,c.Nk)(a);return[l,(0,n.useCallback)((e=>{a&&r.set(e)}),[a,r])]}({groupId:l}),b=(()=>{const e=u??d;return h({value:e,tabValues:r})?e:null})();(0,n.useLayoutEffect)((()=>{b&&o(b)}),[b]);return{selectedValue:s,selectValue:(0,n.useCallback)((e=>{if(!h({value:e,tabValues:r}))throw new Error(`Can't select invalid tab value=${e}`);o(e),i(e),f(e)}),[i,f,r]),tabValues:r}}var b=a(2389);const g="tabList__CuJ",k="tabItem_LNqP";function v(e){let{className:t,block:a,selectedValue:o,selectValue:u,tabValues:i}=e;const c=[],{blockElementScrollPositionUntilNextRender:d}=(0,s.o5)(),p=e=>{const t=e.currentTarget,a=c.indexOf(t),l=i[a].value;l!==o&&(d(t),u(l))},h=e=>{var t;let a=null;switch(e.key){case"Enter":p(e);break;case"ArrowRight":{const t=c.indexOf(e.currentTarget)+1;a=c[t]??c[0];break}case"ArrowLeft":{const t=c.indexOf(e.currentTarget)-1;a=c[t]??c[c.length-1];break}}null==(t=a)||t.focus()};return n.createElement("ul",{role:"tablist","aria-orientation":"horizontal",className:(0,r.Z)("tabs",{"tabs--block":a},t)},i.map((e=>{let{value:t,label:a,attributes:s}=e;return n.createElement("li",(0,l.Z)({role:"tab",tabIndex:o===t?0:-1,"aria-selected":o===t,key:t,ref:e=>c.push(e),onKeyDown:h,onClick:p},s,{className:(0,r.Z)("tabs__item",k,null==s?void 0:s.className,{"tabs__item--active":o===t})}),a??t)})))}function y(e){let{lazy:t,children:a,selectedValue:l}=e;if(a=Array.isArray(a)?a:[a],t){const e=a.find((e=>e.props.value===l));return e?(0,n.cloneElement)(e,{className:"margin-top--md"}):null}return n.createElement("div",{className:"margin-top--md"},a.map(((e,t)=>(0,n.cloneElement)(e,{key:t,hidden:e.props.value!==l}))))}function w(e){const t=f(e);return n.createElement("div",{className:(0,r.Z)("tabs-container",g)},n.createElement(v,(0,l.Z)({},e,t)),n.createElement(y,(0,l.Z)({},e,t)))}function E(e){const t=(0,b.Z)();return n.createElement(w,(0,l.Z)({key:String(t)},e))}},6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},9526:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>m,frontMatter:()=>u,metadata:()=>c,toc:()=>p});var l=a(7462),n=(a(7294),a(3905)),r=(a(6828),a(814)),s=a(4866),o=a(5162);const u={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.9/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.9/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.9/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/quickstart.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.9/"},next:{title:"Creating a Deployment",permalink:"/0.9/tut-deployment"}},d={},p=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to Watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],h={toc:p};function m(e){let{components:t,...u}=e;return(0,n.kt)("wrapper",(0,l.Z)({},h,u,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,(0,n.kt)("img",{src:a(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null," Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and its use is\nfairly straightforward. To install the Helm 3 CLI follow the ",(0,n.kt)("a",{href:"https://helm.sh/docs/intro/install"},"official install instructions"),"."),(0,n.kt)("admonition",{title:"Fleet in Rancher",type:"caution"},(0,n.kt)("p",{parentName:"admonition"},"Rancher has separate helm charts for Fleet and uses a different repository.")),(0,n.kt)(s.Z,{mdxType:"Tabs"},(0,n.kt)(o.Z,{value:"linux",label:"Linux/Mac",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"brew install helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/")),(0,n.kt)(o.Z,{value:"windows",label:"Windows",default:!0,mdxType:"TabItem"},(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"choco install kubernetes-helm\n","helm repo add fleet https://rancher.github.io/fleet-helm-charts/"))),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait fleet-crd \\\n fleet/fleet-crd\n","helm -n cattle-fleet-system install --create-namespace --wait fleet \\\n fleet/fleet"),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to Watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}m.isMDXComponent=!0},1313:(e,t,a)=>{a.d(t,{Z:()=>l});const l=a.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/e50ee9c3.6fe548e2.js b/assets/js/e50ee9c3.583d9b4f.js similarity index 97% rename from assets/js/e50ee9c3.6fe548e2.js rename to assets/js/e50ee9c3.583d9b4f.js index 52c7f4af7..3fea3a225 100644 --- a/assets/js/e50ee9c3.6fe548e2.js +++ b/assets/js/e50ee9c3.583d9b4f.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7677],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.8/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.8/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.8/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-bundles-state.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.8/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7677],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>f});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function s(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var u=r.createContext({}),i=function(e){var t=r.useContext(u),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=i(e.components);return r.createElement(u.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},c=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,u=e.parentName,d=o(e,["components","mdxType","originalType","parentName"]),c=i(n),f=a,m=c["".concat(u,".").concat(f)]||c[f]||p[f]||l;return n?r.createElement(m,s(s({ref:t},d),{},{components:n})):r.createElement(m,s({ref:t},d))}));function f(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,s=new Array(l);s[0]=c;var o={};for(var u in t)hasOwnProperty.call(t,u)&&(o[u]=t[u]);o.originalType=e,o.mdxType="string"==typeof e?e:a,s[1]=o;for(var i=2;i{n.r(t),n.d(t,{assets:()=>u,contentTitle:()=>s,default:()=>p,frontMatter:()=>l,metadata:()=>o,toc:()=>i});var r=n(7462),a=(n(7294),n(3905));const l={},s="Cluster and Bundle State",o={unversionedId:"cluster-bundles-state",id:"version-0.8/cluster-bundles-state",title:"Cluster and Bundle State",description:"Clusters and Bundles have different states in each phase of applying Bundles.",source:"@site/versioned_docs/version-0.8/cluster-bundles-state.md",sourceDirName:".",slug:"/cluster-bundles-state",permalink:"/0.8/cluster-bundles-state",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/cluster-bundles-state.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"fleet-manager",permalink:"/0.8/cli/fleet-controller/fleet-manager"},next:{title:"Cluster Registration Internals",permalink:"/0.8/ref-registration"}},u={},i=[{value:"Bundles",id:"bundles",level:2},{value:"Clusters",id:"clusters",level:2}],d={toc:i};function p(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"cluster-and-bundle-state"},"Cluster and Bundle State"),(0,a.kt)("p",null,"Clusters and Bundles have different states in each phase of applying Bundles."),(0,a.kt)("h2",{id:"bundles"},"Bundles"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles have been deployed and all resources are ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": Bundles have been deployed and some resources are not ready."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": Bundles have been synced from Fleet controller and downstream cluster, but are waiting to be deployed."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": Bundles have been synced from the Fleet controller and the downstream cluster, but there were some errors when deploying the Bundle."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": Bundles have been synced from Fleet controller, but downstream agent hasn't synced the change yet."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": Bundles are being processed by Fleet controller."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": Bundles have been deployed and all resources are ready, but there are some changes that were not made from the Git Repository."),(0,a.kt)("h2",{id:"clusters"},"Clusters"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn"),": Waiting for agent to report registration information and cluster status back."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"NotReady"),": There are bundles in this cluster that are in NotReady state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"WaitApplied"),": There are bundles in this cluster that are in WaitApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"ErrApplied"),": There are bundles in this cluster that are in ErrApplied state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"OutOfSync"),": There are bundles in this cluster that are in OutOfSync state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Pending"),": There are bundles in this cluster that are in Pending state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified"),": There are bundles in this cluster that are in Modified state."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Ready"),": Bundles in this cluster have been deployed and all resources are ready."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e6339806.74e3ab9e.js b/assets/js/e6339806.74e3ab9e.js new file mode 100644 index 000000000..f9db4927d --- /dev/null +++ b/assets/js/e6339806.74e3ab9e.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6702],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.9/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.9/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.9/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/uninstall.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.9/tut-deployment"},next:{title:"Architecture",permalink:"/0.9/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e7acee98.c43baf84.js b/assets/js/e7acee98.c43baf84.js new file mode 100644 index 000000000..bceb2fa3d --- /dev/null +++ b/assets/js/e7acee98.c43baf84.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7179],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>m});var n=r(7294);function o(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function s(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function i(e){for(var t=1;t=0||(o[r]=e[r]);return o}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}var c=n.createContext({}),l=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},u=function(e){var t=l(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,o=e.mdxType,s=e.originalType,c=e.parentName,u=a(e,["components","mdxType","originalType","parentName"]),d=l(r),m=o,f=d["".concat(c,".").concat(m)]||d[m]||p[m]||s;return r?n.createElement(f,i(i({ref:t},u),{},{components:r})):n.createElement(f,i({ref:t},u))}));function m(e,t){var r=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var s=r.length,i=new Array(s);i[0]=d;var a={};for(var c in t)hasOwnProperty.call(t,c)&&(a[c]=t[c]);a.originalType=e,a.mdxType="string"==typeof e?e:o,i[1]=a;for(var l=2;l{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>s,metadata:()=>a,toc:()=>l});var n=r(7462),o=(r(7294),r(3905));const s={},i="Custom Resources During Deployment",a={unversionedId:"resources-during-deployment",id:"version-0.9/resources-during-deployment",title:"Custom Resources During Deployment",description:"This shows the resources, also the internal ones, involved in creating a deployment from a git repository.",source:"@site/versioned_docs/version-0.9/resources-during-deployment.md",sourceDirName:".",slug:"/resources-during-deployment",permalink:"/0.9/resources-during-deployment",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/resources-during-deployment.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Namespaces",permalink:"/0.9/namespaces"},next:{title:"Installation Details",permalink:"/0.9/installation"}},c={},l=[],u={toc:l};function p(e){let{components:t,...s}=e;return(0,o.kt)("wrapper",(0,n.Z)({},u,s,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"custom-resources-during-deployment"},"Custom Resources During Deployment"),(0,o.kt)("p",null,"This shows the resources, also the internal ones, involved in creating a deployment from a git repository."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Resources",src:r(925).Z,width:"826",height:"1301"})))}p.isMDXComponent=!0},925:(e,t,r)=>{r.d(t,{Z:()=>n});const n=r.p+"assets/images/FleetResources-7c2b1498c93f41c2c125ee4b4b537657.svg"}}]); \ No newline at end of file diff --git a/assets/js/e89d2f4d.3bd9a6e2.js b/assets/js/e89d2f4d.86d9ad80.js similarity index 96% rename from assets/js/e89d2f4d.3bd9a6e2.js rename to assets/js/e89d2f4d.86d9ad80.js index 0528b4c89..7bcb6f389 100644 --- a/assets/js/e89d2f4d.3bd9a6e2.js +++ b/assets/js/e89d2f4d.86d9ad80.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8049],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.6/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.6/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.6/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/uninstall.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"},next:{title:"Architecture",permalink:"/0.6/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[8049],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function a(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,a=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),m=c(n),d=l,f=m["".concat(s,".").concat(d)]||m[d]||u[d]||a;return n?r.createElement(f,o(o({ref:t},p),{},{components:n})):r.createElement(f,o({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var a=n.length,o=new Array(a);o[0]=m;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>u,frontMatter:()=>a,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const a={},o="Uninstall",i={unversionedId:"uninstall",id:"version-0.6/uninstall",title:"Uninstall",description:"Fleet is packaged as two Helm charts so uninstall is accomplished by",source:"@site/versioned_docs/version-0.6/uninstall.md",sourceDirName:".",slug:"/uninstall",permalink:"/0.6/uninstall",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/uninstall.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Creating a Deployment",permalink:"/0.6/tut-deployment"},next:{title:"Architecture",permalink:"/0.6/architecture"}},s={},c=[],p={toc:c};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"uninstall"},"Uninstall"),(0,l.kt)("p",null,"Fleet is packaged as two Helm charts so uninstall is accomplished by\nuninstalling the appropriate Helm charts. To uninstall Fleet run the following\ntwo commands:"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"helm -n cattle-fleet-system uninstall fleet\nhelm -n cattle-fleet-system uninstall fleet-crd\n")),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},"Uninstalling the CRDs will remove all deployed workloads.")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/e9efc8c6.109566e2.js b/assets/js/e9efc8c6.8b4603cb.js similarity index 99% rename from assets/js/e9efc8c6.109566e2.js rename to assets/js/e9efc8c6.8b4603cb.js index 426236a16..6c186755f 100644 --- a/assets/js/e9efc8c6.109566e2.js +++ b/assets/js/e9efc8c6.8b4603cb.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5e3],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.7/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.7/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.7/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/bundle-diffs.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.7/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.7/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5e3],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var l=a.createContext({}),p=function(e){var n=a.useContext(l),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(l.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(l,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var s={};for(var l in n)hasOwnProperty.call(n,l)&&(s[l]=n[l]);s.originalType=e,s.mdxType="string"==typeof e?e:o,r[1]=s;for(var p=2;p{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>s,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",s={unversionedId:"bundle-diffs",id:"version-0.7/bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/versioned_docs/version-0.7/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/0.7/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/bundle-diffs.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/0.7/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/0.7/webhook"}},l={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-examples/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/ebf52154.83a804c8.js b/assets/js/ebf52154.00a138ef.js similarity index 91% rename from assets/js/ebf52154.83a804c8.js rename to assets/js/ebf52154.00a138ef.js index b72a697c8..9f1e24247 100644 --- a/assets/js/ebf52154.83a804c8.js +++ b/assets/js/ebf52154.00a138ef.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1453:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>o,metadata:()=>c,toc:()=>u});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),r=a(814);const o={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},u=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:u};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},p,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6393],{6828:(e,t,a)=>{a.d(t,{d:()=>l});const l={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},1453:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>i,default:()=>h,frontMatter:()=>r,metadata:()=>c,toc:()=>u});var l=a(7462),n=(a(7294),a(3905)),s=a(6828),o=a(814);const r={},i="Quick Start",c={unversionedId:"quickstart",id:"version-0.5/quickstart",title:"Quick Start",description:"Who needs documentation, lets just run this thing!",source:"@site/versioned_docs/version-0.5/quickstart.md",sourceDirName:".",slug:"/quickstart",permalink:"/0.5/quickstart",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/quickstart.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Overview",permalink:"/0.5/"},next:{title:"Core Concepts",permalink:"/0.5/concepts"}},d={},u=[{value:"Install",id:"install",level:2},{value:"Add a Git Repo to watch",id:"add-a-git-repo-to-watch",level:2},{value:"Get Status",id:"get-status",level:2}],p={toc:u};function h(e){let{components:t,...a}=e;return(0,n.kt)("wrapper",(0,l.Z)({},p,a,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"quick-start"},"Quick Start"),(0,n.kt)("p",null,"Who needs documentation, lets just run this thing!"),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Get helm if you don't have it. Helm 3 is just a CLI and won't do bad insecure\nthings to your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Install the Fleet Helm charts (there's two because we separate out CRDs for ultimate flexibility.)"),(0,n.kt)(o.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",s.d["v0.5"].fleetCRD,"\nhelm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",s.d["v0.5"].fleet),(0,n.kt)("h2",{id:"add-a-git-repo-to-watch"},"Add a Git Repo to watch"),(0,n.kt)("p",null,"Change ",(0,n.kt)("inlineCode",{parentName:"p"},"spec.repo")," to your git repo of choice. Kubernetes manifest files that should\nbe deployed should be in ",(0,n.kt)("inlineCode",{parentName:"p"},"/manifests")," in your repo."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-bash"},'cat > example.yaml << "EOF"\napiVersion: fleet.cattle.io/v1alpha1\nkind: GitRepo\nmetadata:\n name: sample\n # This namespace is special and auto-wired to deploy to the local cluster\n namespace: fleet-local\nspec:\n # Everything from this repo will be run in this cluster. You trust me right?\n repo: "https://github.com/rancher/fleet-examples"\n paths:\n - simple\nEOF\n\nkubectl apply -f example.yaml\n')),(0,n.kt)("h2",{id:"get-status"},"Get Status"),(0,n.kt)("p",null,"Get status of what fleet is doing"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n fleet-local get fleet\n")),(0,n.kt)("p",null,"You should see something like this get created in your cluster."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"kubectl get deploy frontend\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY UP-TO-DATE AVAILABLE AGE\nfrontend 3/3 3 3 116m\n")),(0,n.kt)("p",null,"Enjoy and read the ",(0,n.kt)("a",{parentName:"p",href:"https://rancher.github.io/fleet"},"docs"),"."))}h.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/ec9fa214.6b477a36.js b/assets/js/ec9fa214.acec8efc.js similarity index 98% rename from assets/js/ec9fa214.6b477a36.js rename to assets/js/ec9fa214.acec8efc.js index f1fa8c5e4..8d733ead6 100644 --- a/assets/js/ec9fa214.6b477a36.js +++ b/assets/js/ec9fa214.acec8efc.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[247],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.8/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.8/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.8/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/multi-user.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.8/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.8/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.8/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.8/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[247],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.8/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.8/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.8/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/multi-user.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.8/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.8/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.8/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.8/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.8/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/f060f65c.885f3431.js b/assets/js/f060f65c.885f3431.js new file mode 100644 index 000000000..042e80353 --- /dev/null +++ b/assets/js/f060f65c.885f3431.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2402],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function s(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function l(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(s[a]=e[a]);return s}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(s[a]=e[a])}return s}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,s=e.mdxType,l=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=s,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||l;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,s=t&&t.mdxType;if("string"==typeof e||s){var l=a.length,r=new Array(l);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:s,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>p});var n=a(7462),s=(a(7294),a(3905));const l={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.9/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.9/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.9/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/namespaces.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Git Repository Contents",permalink:"/0.9/gitrepo-content"},next:{title:"Custom Resources During Deployment",permalink:"/0.9/resources-during-deployment"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"GitRepo Namespace",id:"gitrepo-namespace",level:3},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local (local workspace, cluster registration namespace)",id:"fleet-local-local-workspace-cluster-registration-namespace",level:3},{value:"cattle-fleet-system (system namespace)",id:"cattle-fleet-system-system-namespace",level:3},{value:"cattle-fleet-clusters-system (system registration namespace)",id:"cattle-fleet-clusters-system-system-registration-namespace",level:3},{value:"Cluster Namespaces",id:"cluster-namespaces",level:3},{value:"Cross Namespace Deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2},{value:"Allowed Target Namespaces",id:"allowed-target-namespaces",level:3}],c={toc:p};function m(e){let{components:t,...l}=e;return(0,s.kt)("wrapper",(0,n.Z)({},c,l,{components:t,mdxType:"MDXLayout"}),(0,s.kt)("h1",{id:"namespaces"},"Namespaces"),(0,s.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,s.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,s.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,s.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,s.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,s.kt)("h3",{id:"gitrepo-namespace"},"GitRepo Namespace"),(0,s.kt)("p",null,"Git repos are added to the Fleet manager using the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," custom resource type. The ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," type is namespaced. By default, Rancher will create two Fleet workspaces: ",(0,s.kt)("strong",{parentName:"p"},"fleet-default")," and ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),"."),(0,s.kt)("ul",null,(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-default")," will contain all the downstream clusters that are already registered through Rancher."),(0,s.kt)("li",{parentName:"ul"},(0,s.kt)("inlineCode",{parentName:"li"},"Fleet-local")," will contain the local cluster by default.")),(0,s.kt)("p",null,"If you are using Fleet in a ",(0,s.kt)("a",{parentName:"p",href:"/0.9/concepts"},"single cluster")," style, the namespace will always be ",(0,s.kt)("strong",{parentName:"p"},"fleet-local"),". Check ",(0,s.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/namespaces/#fleet-local"},"here")," for more on the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace."),(0,s.kt)("p",null,"For a ",(0,s.kt)("a",{parentName:"p",href:"/0.9/concepts"},"multi-cluster")," style, please ensure you use the correct repo that will map to the right target clusters."),(0,s.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,s.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,s.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,s.kt)("p",null,"An overview of the ",(0,s.kt)("a",{parentName:"p",href:"/0.9/namespaces"},"namespaces")," used by fleet and their resources."),(0,s.kt)("p",null,(0,s.kt)("img",{alt:"Namespace",src:a(3159).Z,width:"1437",height:"1731"})),(0,s.kt)("h3",{id:"fleet-local-local-workspace-cluster-registration-namespace"},"fleet-local (local workspace, cluster registration namespace)"),(0,s.kt)("p",null,"The ",(0,s.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,s.kt)("p",null,"When fleet is installed the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,s.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,s.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,s.kt)("inlineCode",{parentName:"p"},"local")," ",(0,s.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,s.kt)("p",null,"The cluster registration namespace contains the cluster and the clusterregistration resources, as well as any gitrepos and bundles."),(0,s.kt)("h3",{id:"cattle-fleet-system-system-namespace"},"cattle-fleet-system (system namespace)"),(0,s.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,s.kt)("h3",{id:"cattle-fleet-clusters-system-system-registration-namespace"},"cattle-fleet-clusters-system (system registration namespace)"),(0,s.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,s.kt)("h3",{id:"cluster-namespaces"},"Cluster Namespaces"),(0,s.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,s.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,s.kt)("h2",{id:"cross-namespace-deployments"},"Cross Namespace Deployments"),(0,s.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,s.kt)("p",null,"If you are creating a ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,s.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,s.kt)("p",null,"A ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,s.kt)("p",null,"If the ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,s.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,s.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,s.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,s.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,s.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,s.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,s.kt)("p",null,"A namespace can contain multiple ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,s.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,s.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,s.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,s.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,s.kt)("pre",null,(0,s.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\nallowedTargetNamespaces: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')),(0,s.kt)("h3",{id:"allowed-target-namespaces"},"Allowed Target Namespaces"),(0,s.kt)("p",null,"This can be used to limit a deployment to a set of namespaces on a downstream cluster.\nIf an allowedTargetNamespaces restriction is present, all ",(0,s.kt)("inlineCode",{parentName:"p"},"GitRepos")," must\nspecify a ",(0,s.kt)("inlineCode",{parentName:"p"},"targetNamespace")," and the specified namespace must be in the allow\nlist.\nThis also prevents the creation of cluster wide resources."))}m.isMDXComponent=!0},3159:(e,t,a)=>{a.d(t,{Z:()=>n});const n=a.p+"assets/images/FleetNamespaces-4e461907ba4d5bbf6b309d125383bdb5.svg"}}]); \ No newline at end of file diff --git a/assets/js/f14b6af8.b0d890fe.js b/assets/js/f14b6af8.c00ddf23.js similarity index 97% rename from assets/js/f14b6af8.b0d890fe.js rename to assets/js/f14b6af8.c00ddf23.js index c8c1ff1eb..9a4688710 100644 --- a/assets/js/f14b6af8.b0d890fe.js +++ b/assets/js/f14b6af8.c00ddf23.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6469],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.6/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.6/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6469],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},u=r.forwardRef((function(e,t){var n=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),d=l,m=u["".concat(s,".").concat(d)]||u[d]||f[d]||o;return n?r.createElement(m,a(a({ref:t},p),{},{components:n})):r.createElement(m,a({ref:t},p))}));function d(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=n.length,a=new Array(o);a[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var r=n(7462),l=(n(7294),n(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.6/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.6/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.6/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.6/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,r.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n -h, --help help for apply\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f2761eee.e2f13d2b.js b/assets/js/f2761eee.e2f13d2b.js new file mode 100644 index 000000000..8818dfdfc --- /dev/null +++ b/assets/js/f2761eee.e2f13d2b.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3062],{3905:(t,e,n)=>{n.d(e,{Zo:()=>d,kt:()=>s});var r=n(7294);function a(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function l(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function o(t){for(var e=1;e=0||(a[n]=t[n]);return a}(t,e);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(t);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(t,n)&&(a[n]=t[n])}return a}var p=r.createContext({}),u=function(t){var e=r.useContext(p),n=e;return t&&(n="function"==typeof t?t(e):o(o({},e),t)),n},d=function(t){var e=u(t.components);return r.createElement(p.Provider,{value:e},t.children)},m={inlineCode:"code",wrapper:function(t){var e=t.children;return r.createElement(r.Fragment,{},e)}},c=r.forwardRef((function(t,e){var n=t.components,a=t.mdxType,l=t.originalType,p=t.parentName,d=i(t,["components","mdxType","originalType","parentName"]),c=u(n),s=a,g=c["".concat(p,".").concat(s)]||c[s]||m[s]||l;return n?r.createElement(g,o(o({ref:e},d),{},{components:n})):r.createElement(g,o({ref:e},d))}));function s(t,e){var n=arguments,a=e&&e.mdxType;if("string"==typeof t||a){var l=n.length,o=new Array(l);o[0]=c;var i={};for(var p in e)hasOwnProperty.call(e,p)&&(i[p]=e[p]);i.originalType=t,i.mdxType="string"==typeof t?t:a,o[1]=i;for(var u=2;u{n.r(e),n.d(e,{assets:()=>p,contentTitle:()=>o,default:()=>m,frontMatter:()=>l,metadata:()=>i,toc:()=>u});var r=n(7462),a=(n(7294),n(3905));const l={},o="List of Deployed Resources",i={unversionedId:"ref-resources",id:"version-0.9/ref-resources",title:"List of Deployed Resources",description:"After installing Fleet in Rancher these resources are created in the upstream cluster.",source:"@site/versioned_docs/version-0.9/ref-resources.md",sourceDirName:".",slug:"/ref-resources",permalink:"/0.9/ref-resources",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/ref-resources.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.9/ref-configuration"},next:{title:"Custom Resources Spec",permalink:"/0.9/ref-crds"}},p={},u=[],d={toc:u};function m(t){let{components:e,...n}=t;return(0,a.kt)("wrapper",(0,r.Z)({},d,n,{components:e,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"list-of-deployed-resources"},"List of Deployed Resources"),(0,a.kt)("p",null,"After installing Fleet in Rancher these resources are created in the upstream cluster."),(0,a.kt)("table",null,(0,a.kt)("thead",{parentName:"table"},(0,a.kt)("tr",{parentName:"thead"},(0,a.kt)("th",{parentName:"tr",align:null},"Type"),(0,a.kt)("th",{parentName:"tr",align:null},"Name"),(0,a.kt)("th",{parentName:"tr",align:null},"Namespace"))),(0,a.kt)("tbody",{parentName:"table"},(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"From Helm, intial setup:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRole"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterRoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob-binding"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ConfigMap"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Deployment"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Role"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"RoleBinding"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Service"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-controller"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ServiceAccount"),(0,a.kt)("td",{parentName:"tr",align:null},"gitjob"),(0,a.kt)("td",{parentName:"tr",align:null},"cattle-fleet-system")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Generated:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"local"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"ClusterGroup"),(0,a.kt)("td",{parentName:"tr",align:null},"default"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-local")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"For each registered cluster:"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.provisioning.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null}),(0,a.kt)("td",{parentName:"tr",align:null},"by default fleet-default")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.management.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"generated"),(0,a.kt)("td",{parentName:"tr",align:null},"-")),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"clusters.fleet.cattle.io"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"Bundle"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-default"),(0,a.kt)("td",{parentName:"tr",align:null})),(0,a.kt)("tr",{parentName:"tbody"},(0,a.kt)("td",{parentName:"tr",align:null},"BundleDeployment"),(0,a.kt)("td",{parentName:"tr",align:null},"cluster-fleet-local-local-ID"),(0,a.kt)("td",{parentName:"tr",align:null},"fleet-agent-local")))),(0,a.kt)("p",null,"Also see ","[namespaces]"))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f347fdc1.2476dd8e.js b/assets/js/f347fdc1.ee18628d.js similarity index 98% rename from assets/js/f347fdc1.2476dd8e.js rename to assets/js/f347fdc1.ee18628d.js index 1ac34a080..793a2332b 100644 --- a/assets/js/f347fdc1.2476dd8e.js +++ b/assets/js/f347fdc1.ee18628d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[307],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),m=r,h=u["".concat(s,".").concat(m)]||u[m]||d[m]||l;return n?a.createElement(h,o(o({ref:t},p),{},{components:n})):a.createElement(h,o({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},o="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"version-0.8/bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/versioned_docs/version-0.8/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/0.8/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/bundle-add.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.8/imagescan"},next:{title:"fleet-agent",permalink:"/0.8/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2},{value:"Convert a Helm Chart into a Bundle",id:"convert-a-helm-chart-into-a-bundle",level:2}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."),(0,r.kt)("h2",{id:"convert-a-helm-chart-into-a-bundle"},"Convert a Helm Chart into a Bundle"),(0,r.kt)("p",null,"You can use the Fleet CLI to convert a Helm chart into a bundle."),(0,r.kt)("p",null,'For example, you can download and convert the "external secrets" operator chart like this:'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"cat > targets.yaml < app/fleet.yaml < eso-bundle.yaml\n\nkubectl apply -f eso-bundle.yaml\n")),(0,r.kt)("p",null,"Make sure you use a cluster selector in ",(0,r.kt)("inlineCode",{parentName:"p"},"targets.yaml"),", that matches all clusters you want to deploy to."),(0,r.kt)("p",null,"The blog post on ",(0,r.kt)("a",{parentName:"p",href:"https://www.suse.com/c/rancher_blog/fleet-multi-cluster-deployment-with-the-help-of-external-secrets/"},"Fleet: Multi-Cluster Deployment with the Help of External Secrets")," has more information."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[307],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function o(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):o(o({},t),e)),n},p=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},u=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),u=c(n),m=r,h=u["".concat(s,".").concat(m)]||u[m]||d[m]||l;return n?a.createElement(h,o(o({ref:t},p),{},{components:n})):a.createElement(h,o({ref:t},p))}));function m(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var l=n.length,o=new Array(l);o[0]=u;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:r,o[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>o,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var a=n(7462),r=(n(7294),n(3905));const l={},o="Create a Bundle Resource",i={unversionedId:"bundle-add",id:"version-0.8/bundle-add",title:"Create a Bundle Resource",description:"Bundles are automatically created by Fleet when a GitRepo is created. In most cases Bundles should not be created",source:"@site/versioned_docs/version-0.8/bundle-add.md",sourceDirName:".",slug:"/bundle-add",permalink:"/0.8/bundle-add",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/bundle-add.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Image Scan to Update Container Image References",permalink:"/0.8/imagescan"},next:{title:"fleet-agent",permalink:"/0.8/cli/fleet-agent/"}},s={},c=[{value:"Limitations",id:"limitations",level:2},{value:"Convert a Helm Chart into a Bundle",id:"convert-a-helm-chart-into-a-bundle",level:2}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"create-a-bundle-resource"},"Create a Bundle Resource"),(0,r.kt)("p",null,"Bundles are automatically created by Fleet when a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," is created. In most cases ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundles")," should not be created\nmanually by the user. If you want to deploy resources from a git repository use a\n",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-add"},"GitRepo")," instead."),(0,r.kt)("p",null,"If you want to deploy resources without a git repository follow this guide to create a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle"),"."),(0,r.kt)("p",null,"When creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo")," Fleet will fetch the resources from a git repository, and add them to a Bundle.\nWhen creating a ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," resources need to be explicitly specified in the ",(0,r.kt)("inlineCode",{parentName:"p"},"Bundle")," Spec.\nResources can be compressed with gz. See ",(0,r.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher/blob/v2.7.3/pkg/controllers/provisioningv2/managedchart/managedchart.go#L149-L153"},"here"),"\nan example of how Rancher uses compression in go code."),(0,r.kt)("p",null,"If you would like to deploy in downstream clusters, you need to define targets. Targets work similarly to targets in ",(0,r.kt)("inlineCode",{parentName:"p"},"GitRepo"),".\nSee ",(0,r.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/gitrepo-targets#defining-targets"},"Mapping to Downstream Clusters"),"."),(0,r.kt)("p",null,"The following example creates a nginx ",(0,r.kt)("inlineCode",{parentName:"p"},"Deployment")," in the local cluster:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: Bundle\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n # Any name can be used here\n name: my-bundle\n # For single cluster use fleet-local, otherwise use the namespace of\n # your choosing\n namespace: fleet-local\nspec:\n resources:\n # List of all resources that will be deployed\n - content: |\n apiVersion: apps/v1\n kind: Deployment\n metadata:\n name: nginx-deployment\n labels:\n app: nginx\n spec:\n replicas: 3\n selector:\n matchLabels:\n app: nginx\n template:\n metadata:\n labels:\n app: nginx\n spec:\n containers:\n - name: nginx\n image: nginx:1.14.2\n ports:\n - containerPort: 80\n name: nginx.yaml\n targets:\n - clusterName: local\n\n")),(0,r.kt)("h2",{id:"limitations"},"Limitations"),(0,r.kt)("p",null,"Helm options related to downloading the helm chart will be ignored. The helm chart is downloaded by the fleet-cli, which creates the bundles. The bundle has to contain all the resources from the chart. Therefore the bundle will ignore:"),(0,r.kt)("ul",null,(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.repo")),(0,r.kt)("li",{parentName:"ul"},(0,r.kt)("inlineCode",{parentName:"li"},"spec.helm.charts"))),(0,r.kt)("p",null,"You can't use a ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in resources, it is only used by the fleet-cli to create bundles."),(0,r.kt)("p",null,"The ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targetRestrictions")," field is not useful, as it is an allow list for targets specified in ",(0,r.kt)("inlineCode",{parentName:"p"},"spec.targets"),". It is not needed, since ",(0,r.kt)("inlineCode",{parentName:"p"},"targets")," are explicitly given in a bundle and an empty ",(0,r.kt)("inlineCode",{parentName:"p"},"targetRestrictions")," defaults to allow."),(0,r.kt)("h2",{id:"convert-a-helm-chart-into-a-bundle"},"Convert a Helm Chart into a Bundle"),(0,r.kt)("p",null,"You can use the Fleet CLI to convert a Helm chart into a bundle."),(0,r.kt)("p",null,'For example, you can download and convert the "external secrets" operator chart like this:'),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre"},"cat > targets.yaml < app/fleet.yaml < eso-bundle.yaml\n\nkubectl apply -f eso-bundle.yaml\n")),(0,r.kt)("p",null,"Make sure you use a cluster selector in ",(0,r.kt)("inlineCode",{parentName:"p"},"targets.yaml"),", that matches all clusters you want to deploy to."),(0,r.kt)("p",null,"The blog post on ",(0,r.kt)("a",{parentName:"p",href:"https://www.suse.com/c/rancher_blog/fleet-multi-cluster-deployment-with-the-help-of-external-secrets/"},"Fleet: Multi-Cluster Deployment with the Help of External Secrets")," has more information."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f4793a78.a6d77e06.js b/assets/js/f4793a78.a0da4890.js similarity index 97% rename from assets/js/f4793a78.a6d77e06.js rename to assets/js/f4793a78.a0da4890.js index 6b48f47d2..12c2e7ee1 100644 --- a/assets/js/f4793a78.a6d77e06.js +++ b/assets/js/f4793a78.a0da4890.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5455],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.6/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.6/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.6/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-group.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.6/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5455],{3905:(e,t,r)=>{r.d(t,{Zo:()=>i,kt:()=>d});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function s(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var c=n.createContext({}),u=function(e){var t=n.useContext(c),r=t;return e&&(r="function"==typeof e?e(t):s(s({},t),e)),r},i=function(e){var t=u(e.components);return n.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},m=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,o=e.originalType,c=e.parentName,i=l(e,["components","mdxType","originalType","parentName"]),m=u(r),d=a,f=m["".concat(c,".").concat(d)]||m[d]||p[d]||o;return r?n.createElement(f,s(s({ref:t},i),{},{components:r})):n.createElement(f,s({ref:t},i))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=r.length,s=new Array(o);s[0]=m;var l={};for(var c in t)hasOwnProperty.call(t,c)&&(l[c]=t[c]);l.originalType=e,l.mdxType="string"==typeof e?e:a,s[1]=l;for(var u=2;u{r.r(t),r.d(t,{assets:()=>c,contentTitle:()=>s,default:()=>p,frontMatter:()=>o,metadata:()=>l,toc:()=>u});var n=r(7462),a=(r(7294),r(3905));const o={},s="Create Cluster Groups",l={unversionedId:"cluster-group",id:"version-0.6/cluster-group",title:"Create Cluster Groups",description:"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.",source:"@site/versioned_docs/version-0.6/cluster-group.md",sourceDirName:".",slug:"/cluster-group",permalink:"/0.6/cluster-group",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/cluster-group.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Register Downstream Clusters",permalink:"/0.6/cluster-registration"},next:{title:"Setup Multi User",permalink:"/0.6/multi-user"}},c={},u=[],i={toc:u};function p(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},i,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"create-cluster-groups"},"Create Cluster Groups"),(0,a.kt)("p",null,"Clusters in a namespace can be put into a cluster group. A cluster group is essentially a named selector.\nThe only parameter for a cluster group is essentially the selector.\nWhen you get to a certain scale cluster groups become a more reasonable way to manage your clusters.\nCluster groups serve the purpose of giving aggregated\nstatus of the deployments and then also a simpler way to manage targets."),(0,a.kt)("p",null,"A cluster group is created by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," resource like below"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: ClusterGroup\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: production-group\n namespace: clusters\nspec:\n # This is the standard metav1.LabelSelector format to match clusters by labels\n selector:\n matchLabels:\n env: prod\n")))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f531b716.d6eb5e6c.js b/assets/js/f531b716.2b7ee900.js similarity index 96% rename from assets/js/f531b716.d6eb5e6c.js rename to assets/js/f531b716.2b7ee900.js index 48b2e9062..848fb174e 100644 --- a/assets/js/f531b716.d6eb5e6c.js +++ b/assets/js/f531b716.2b7ee900.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4203],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.6/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.6/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.6/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/imagescan.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"},next:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5464],{3905:(e,t,n)=>{n.d(t,{Zo:()=>m,kt:()=>u});var a=n(7294);function r(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var c=a.createContext({}),l=function(e){var t=a.useContext(c),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},m=function(e){var t=l(e.components);return a.createElement(c.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,r=e.mdxType,o=e.originalType,c=e.parentName,m=s(e,["components","mdxType","originalType","parentName"]),d=l(n),u=r,g=d["".concat(c,".").concat(u)]||d[u]||p[u]||o;return n?a.createElement(g,i(i({ref:t},m),{},{components:n})):a.createElement(g,i({ref:t},m))}));function u(e,t){var n=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var c in t)hasOwnProperty.call(t,c)&&(s[c]=t[c]);s.originalType=e,s.mdxType="string"==typeof e?e:r,i[1]=s;for(var l=2;l{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>l});var a=n(7462),r=(n(7294),n(3905));const o={},i="Using Image Scan to Update Container Image References",s={unversionedId:"imagescan",id:"version-0.6/imagescan",title:"Using Image Scan to Update Container Image References",description:"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,",source:"@site/versioned_docs/version-0.6/imagescan.md",sourceDirName:".",slug:"/imagescan",permalink:"/0.6/imagescan",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/imagescan.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Using Webhooks Instead of Polling",permalink:"/0.6/webhook"},next:{title:"fleet-agent",permalink:"/0.6/cli/fleet-agent/"}},c={},l=[],m={toc:l};function p(e){let{components:t,...n}=e;return(0,r.kt)("wrapper",(0,a.Z)({},m,n,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-image-scan-to-update-container-image-references"},"Using Image Scan to Update Container Image References"),(0,r.kt)("p",null,"Image scan in fleet allows you to scan your image repository, fetch the desired image and update your git repository,\nwithout the need to manually update your manifests."),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"This feature is considered as experimental feature.")),(0,r.kt)("p",null,"Go to ",(0,r.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and add the following section."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'imageScans:\n# specify the policy to retrieve images, can be semver or alphabetical order \n- policy: \n # if range is specified, it will take the latest image according to semver order in the range\n # for more details on how to use semver, see https://github.com/Masterminds/semver\n semver: \n range: "*" \n # can use ascending or descending order\n alphabetical:\n order: asc \n\n # specify images to scan\n image: "your.registry.com/repo/image" \n\n # Specify the tag name, it has to be unique in the same bundle\n tagName: test-scan\n\n # specify secret to pull image if in private registry\n secretRef:\n name: dockerhub-secret \n\n # Specify the scan interval\n interval: 5m \n')),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can create multiple image scans in fleet.yaml.")),(0,r.kt)("p",null,"Go to your manifest files and update the field that you want to replace. For example:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: redis-slave\nspec:\n selector:\n matchLabels:\n app: redis\n role: slave\n tier: backend\n replicas: 2\n template:\n metadata:\n labels:\n app: redis\n role: slave\n tier: backend\n spec:\n containers:\n - name: slave\n image: : # {"$imagescan": "test-scan"}\n resources:\n requests:\n cpu: 100m\n memory: 100Mi\n ports:\n - containerPort: 6379\n')),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"There are multiple form of tagName you can reference. For example"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan"}'),": Use full image name(foo/bar:tag)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:name"}'),": Only use image name without tag(foo/bar)"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:tag"}'),": Only use image tag"),(0,r.kt)("p",{parentName:"admonition"},(0,r.kt)("inlineCode",{parentName:"p"},'{"$imagescan": "test-scan:digest"}'),": Use full image name with digest(foo/bar:",(0,r.kt)("a",{parentName:"p",href:"mailto:tag@sha256..."},"tag@sha256..."),")")),(0,r.kt)("p",null,"Create a GitRepo that includes your fleet.yaml"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-repo\n namespace: fleet-local\nspec:\n # change this to be your own repo\n repo: https://github.com/rancher/fleet-examples \n # define how long it will sync all the images and decide to apply change\n imageScanInterval: 5m \n # user must properly provide a secret that have write access to git repository\n clientSecretName: secret \n # specify the commit pattern\n imageScanCommit:\n authorName: foo\n authorEmail: foo@bar.com\n messageTemplate: "update image"\n')),(0,r.kt)("p",null,"Try pushing a new image tag, for example, ",(0,r.kt)("inlineCode",{parentName:"p"},":"),". Wait for a while and there should be a new commit pushed into your git repository to change tag in deployment.yaml.\nOnce change is made into git repository, fleet will read through the change and deploy the change into your cluster."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f59af033.05445760.js b/assets/js/f59af033.05445760.js new file mode 100644 index 000000000..b6c93092e --- /dev/null +++ b/assets/js/f59af033.05445760.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5305],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Using Webhooks Instead of Polling",l={unversionedId:"webhook",id:"version-0.9/webhook",title:"Using Webhooks Instead of Polling",description:"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens).",source:"@site/versioned_docs/version-0.9/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.9/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/webhook.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs to Ignore Modified GitRepos",permalink:"/0.9/bundle-diffs"},next:{title:"Using Image Scan to Update Container Image References",permalink:"/0.9/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"using-webhooks-instead-of-polling"},"Using Webhooks Instead of Polling"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: every 15 seconds) to pull from a Git repo. This is a convenient default that works reasonably well for a small number of repos (up to a few tens)."),(0,r.kt)("p",null,"For installations with multiple tens up to hundreds of Git repos, and in general to reduce latency (the time between a push to Git and fleet reacting to it), configuring webhooks is recommended instead of polling."),(0,r.kt)("p",null,"Fleet currently supports Github, GitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/f63438e5.412a1485.js b/assets/js/f63438e5.30b19c25.js similarity index 98% rename from assets/js/f63438e5.412a1485.js rename to assets/js/f63438e5.30b19c25.js index 96ffb868b..656709855 100644 --- a/assets/js/f63438e5.412a1485.js +++ b/assets/js/f63438e5.30b19c25.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[665],{3905:(e,t,o)=>{o.d(t,{Zo:()=>u,kt:()=>h});var n=o(7294);function r(e,t,o){return t in e?Object.defineProperty(e,t,{value:o,enumerable:!0,configurable:!0,writable:!0}):e[t]=o,e}function a(e,t){var o=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),o.push.apply(o,n)}return o}function i(e){for(var t=1;t=0||(r[o]=e[o]);return r}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,o)&&(r[o]=e[o])}return r}var s=n.createContext({}),c=function(e){var t=n.useContext(s),o=t;return e&&(o="function"==typeof e?e(t):i(i({},t),e)),o},u=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var o=e.components,r=e.mdxType,a=e.originalType,s=e.parentName,u=l(e,["components","mdxType","originalType","parentName"]),d=c(o),h=r,b=d["".concat(s,".").concat(h)]||d[h]||p[h]||a;return o?n.createElement(b,i(i({ref:t},u),{},{components:o})):n.createElement(b,i({ref:t},u))}));function h(e,t){var o=arguments,r=t&&t.mdxType;if("string"==typeof e||r){var a=o.length,i=new Array(a);i[0]=d;var l={};for(var s in t)hasOwnProperty.call(t,s)&&(l[s]=t[s]);l.originalType=e,l.mdxType="string"==typeof e?e:r,i[1]=l;for(var c=2;c{o.r(t),o.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>a,metadata:()=>l,toc:()=>c});var n=o(7462),r=(o(7294),o(3905));const a={},i="Webhook",l={unversionedId:"webhook",id:"version-0.4/webhook",title:"Webhook",description:"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,",source:"@site/versioned_docs/version-0.4/webhook.md",sourceDirName:".",slug:"/webhook",permalink:"/0.4/webhook",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/webhook.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"},next:{title:"Image scan",permalink:"/0.4/imagescan"}},s={},c=[{value:"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service.",id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service",level:3},{value:"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example.",id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example",level:3},{value:"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called gitjob-webhook in cattle-fleet-system.",id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system",level:3},{value:"4. Go to your git provider and test the connection. You should get a HTTP response code.",id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code",level:3}],u={toc:c};function p(e){let{components:t,...a}=e;return(0,r.kt)("wrapper",(0,n.Z)({},u,a,{components:t,mdxType:"MDXLayout"}),(0,r.kt)("h1",{id:"webhook"},"Webhook"),(0,r.kt)("p",null,"By default, Fleet utilizes polling (default: 15 seconds) to pull from a Git repo.However, this can be configured to utilize a webhook instead.Fleet currently supports Github,\nGitLab, Bitbucket, Bitbucket Server and Gogs."),(0,r.kt)("h3",{id:"1-configure-the-webhook-service-fleet-uses-a-gitjob-service-to-handle-webhook-requests-create-an-ingress-that-points-to-the-gitjob-service"},"1. Configure the webhook service. Fleet uses a gitjob service to handle webhook requests. Create an ingress that points to the gitjob service."),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-yaml"},"apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: webhook-ingress\n namespace: cattle-fleet-system\nspec:\n rules:\n - host: your.domain.com\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: gitjob\n port:\n number: 80\n")),(0,r.kt)("admonition",{type:"info"},(0,r.kt)("p",{parentName:"admonition"},"You can configure ",(0,r.kt)("a",{parentName:"p",href:"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls"},"TLS")," on ingress.")),(0,r.kt)("h3",{id:"2-go-to-your-webhook-provider-and-configure-the-webhook-callback-url-here-is-a-github-example"},"2. Go to your webhook provider and configure the webhook callback url. Here is a Github example."),(0,r.kt)("p",null,(0,r.kt)("img",{src:o(696).Z,width:"1830",height:"1563"})),(0,r.kt)("p",null,"Configuring a secret is optional. This is used to validate the webhook payload as the payload should not be trusted by default.\nIf your webhook server is publicly accessible to the Internet, then it is recommended to configure the secret. If you do configure the\nsecret, follow step 3."),(0,r.kt)("admonition",{type:"note"},(0,r.kt)("p",{parentName:"admonition"},"only application/json is supported due to the limitation of webhook library.")),(0,r.kt)("admonition",{type:"caution"},(0,r.kt)("p",{parentName:"admonition"},"If you configured the webhook the polling interval will be automatically adjusted to 1 hour.")),(0,r.kt)("h3",{id:"3-optional-configure-webhook-secret-the-secret-is-for-validating-webhook-payload-make-sure-to-put-it-in-a-k8s-secret-called-gitjob-webhook-in-cattle-fleet-system"},"3. (Optional) Configure webhook secret. The secret is for validating webhook payload. Make sure to put it in a k8s secret called ",(0,r.kt)("inlineCode",{parentName:"h3"},"gitjob-webhook")," in ",(0,r.kt)("inlineCode",{parentName:"h3"},"cattle-fleet-system"),"."),(0,r.kt)("table",null,(0,r.kt)("thead",{parentName:"table"},(0,r.kt)("tr",{parentName:"thead"},(0,r.kt)("th",{parentName:"tr",align:null},"Provider"),(0,r.kt)("th",{parentName:"tr",align:null},"K8s Secret Key"))),(0,r.kt)("tbody",{parentName:"table"},(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitHub"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"github"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"GitLab"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gitlab"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucket"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"BitBucketServer"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"bitbucket-server"))),(0,r.kt)("tr",{parentName:"tbody"},(0,r.kt)("td",{parentName:"tr",align:null},"Gogs"),(0,r.kt)("td",{parentName:"tr",align:null},(0,r.kt)("inlineCode",{parentName:"td"},"gogs"))))),(0,r.kt)("p",null,"For example, to create a secret containing a GitHub secret to validate the webhook payload, run:"),(0,r.kt)("pre",null,(0,r.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl create secret generic gitjob-webhook -n cattle-fleet-system --from-literal=github=webhooksecretvalue\n")),(0,r.kt)("h3",{id:"4-go-to-your-git-provider-and-test-the-connection-you-should-get-a-http-response-code"},"4. Go to your git provider and test the connection. You should get a HTTP response code."))}p.isMDXComponent=!0},696:(e,t,o)=>{o.d(t,{Z:()=>n});const n=o.p+"assets/images/webhook-9c042ab211f1b5438bf70372e92ecdf7.png"}}]); \ No newline at end of file diff --git a/assets/js/f66ef323.c92968d0.js b/assets/js/f66ef323.c5d876f2.js similarity index 99% rename from assets/js/f66ef323.c92968d0.js rename to assets/js/f66ef323.c5d876f2.js index 06e695b45..c33f415eb 100644 --- a/assets/js/f66ef323.c92968d0.js +++ b/assets/js/f66ef323.c5d876f2.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1296],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.6/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.6/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.6/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-crds.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.6/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1296],{3905:(t,e,a)=>{a.d(e,{Zo:()=>d,kt:()=>s});var n=a(7294);function l(t,e,a){return e in t?Object.defineProperty(t,e,{value:a,enumerable:!0,configurable:!0,writable:!0}):t[e]=a,t}function r(t,e){var a=Object.keys(t);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(t);e&&(n=n.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),a.push.apply(a,n)}return a}function i(t){for(var e=1;e=0||(l[a]=t[a]);return l}(t,e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(t,a)&&(l[a]=t[a])}return l}var m=n.createContext({}),u=function(t){var e=n.useContext(m),a=e;return t&&(a="function"==typeof t?t(e):i(i({},e),t)),a},d=function(t){var e=u(t.components);return n.createElement(m.Provider,{value:e},t.children)},k={inlineCode:"code",wrapper:function(t){var e=t.children;return n.createElement(n.Fragment,{},e)}},N=n.forwardRef((function(t,e){var a=t.components,l=t.mdxType,r=t.originalType,m=t.parentName,d=p(t,["components","mdxType","originalType","parentName"]),N=u(a),s=l,o=N["".concat(m,".").concat(s)]||N[s]||k[s]||r;return a?n.createElement(o,i(i({ref:e},d),{},{components:a})):n.createElement(o,i({ref:e},d))}));function s(t,e){var a=arguments,l=e&&e.mdxType;if("string"==typeof t||l){var r=a.length,i=new Array(r);i[0]=N;var p={};for(var m in e)hasOwnProperty.call(e,m)&&(p[m]=e[m]);p.originalType=t,p.mdxType="string"==typeof t?t:l,i[1]=p;for(var u=2;u{a.r(e),a.d(e,{assets:()=>m,contentTitle:()=>i,default:()=>k,frontMatter:()=>r,metadata:()=>p,toc:()=>u});var n=a(7462),l=(a(7294),a(3905));const r={},i="Custom Resources Spec",p={unversionedId:"ref-crds",id:"version-0.6/ref-crds",title:"Custom Resources Spec",description:"* GitRepo",source:"@site/versioned_docs/version-0.6/ref-crds.md",sourceDirName:".",slug:"/ref-crds",permalink:"/0.6/ref-crds",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/ref-crds.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Configuration",permalink:"/0.6/ref-configuration"},next:{title:"fleet.yaml",permalink:"/0.6/ref-fleet-yaml"}},m={},u=[{value:"GitRepo",id:"gitrepo",level:4},{value:"GitRepoDisplay",id:"gitrepodisplay",level:4},{value:"GitRepoResource",id:"gitreporesource",level:4},{value:"GitRepoResourceCounts",id:"gitreporesourcecounts",level:4},{value:"GitRepoRestriction",id:"gitreporestriction",level:4},{value:"GitRepoSpec",id:"gitrepospec",level:4},{value:"GitRepoStatus",id:"gitrepostatus",level:4},{value:"GitTarget",id:"gittarget",level:4},{value:"ResourcePerClusterState",id:"resourceperclusterstate",level:4},{value:"Bundle",id:"bundle",level:4},{value:"BundleDeployment",id:"bundledeployment",level:4},{value:"BundleDeploymentDisplay",id:"bundledeploymentdisplay",level:4},{value:"BundleDeploymentOptions",id:"bundledeploymentoptions",level:4},{value:"BundleDeploymentSpec",id:"bundledeploymentspec",level:4},{value:"BundleDeploymentStatus",id:"bundledeploymentstatus",level:4},{value:"BundleDisplay",id:"bundledisplay",level:4},{value:"BundleNamespaceMapping",id:"bundlenamespacemapping",level:4},{value:"BundleRef",id:"bundleref",level:4},{value:"BundleResource",id:"bundleresource",level:4},{value:"BundleSpec",id:"bundlespec",level:4},{value:"BundleStatus",id:"bundlestatus",level:4},{value:"BundleSummary",id:"bundlesummary",level:4},{value:"BundleTarget",id:"bundletarget",level:4},{value:"BundleTargetRestriction",id:"bundletargetrestriction",level:4},{value:"ComparePatch",id:"comparepatch",level:4},{value:"ConfigMapKeySelector",id:"configmapkeyselector",level:4},{value:"Content",id:"content",level:4},{value:"DiffOptions",id:"diffoptions",level:4},{value:"HelmOptions",id:"helmoptions",level:4},{value:"KustomizeOptions",id:"kustomizeoptions",level:4},{value:"LocalObjectReference",id:"localobjectreference",level:4},{value:"ModifiedStatus",id:"modifiedstatus",level:4},{value:"NonReadyResource",id:"nonreadyresource",level:4},{value:"NonReadyStatus",id:"nonreadystatus",level:4},{value:"Operation",id:"operation",level:4},{value:"Partition",id:"partition",level:4},{value:"PartitionStatus",id:"partitionstatus",level:4},{value:"ResourceKey",id:"resourcekey",level:4},{value:"RolloutStrategy",id:"rolloutstrategy",level:4},{value:"SecretKeySelector",id:"secretkeyselector",level:4},{value:"ValuesFrom",id:"valuesfrom",level:4},{value:"YAMLOptions",id:"yamloptions",level:4},{value:"AlphabeticalPolicy",id:"alphabeticalpolicy",level:4},{value:"CommitSpec",id:"commitspec",level:4},{value:"ImagePolicyChoice",id:"imagepolicychoice",level:4},{value:"ImageScan",id:"imagescan",level:4},{value:"ImageScanSpec",id:"imagescanspec",level:4},{value:"ImageScanStatus",id:"imagescanstatus",level:4},{value:"SemVerPolicy",id:"semverpolicy",level:4},{value:"AgentStatus",id:"agentstatus",level:4},{value:"Cluster",id:"cluster",level:4},{value:"ClusterDisplay",id:"clusterdisplay",level:4},{value:"ClusterGroup",id:"clustergroup",level:4},{value:"ClusterGroupDisplay",id:"clustergroupdisplay",level:4},{value:"ClusterGroupSpec",id:"clustergroupspec",level:4},{value:"ClusterGroupStatus",id:"clustergroupstatus",level:4},{value:"ClusterRegistration",id:"clusterregistration",level:4},{value:"ClusterRegistrationSpec",id:"clusterregistrationspec",level:4},{value:"ClusterRegistrationStatus",id:"clusterregistrationstatus",level:4},{value:"ClusterRegistrationToken",id:"clusterregistrationtoken",level:4},{value:"ClusterRegistrationTokenSpec",id:"clusterregistrationtokenspec",level:4},{value:"ClusterRegistrationTokenStatus",id:"clusterregistrationtokenstatus",level:4},{value:"ClusterSpec",id:"clusterspec",level:4},{value:"ClusterStatus",id:"clusterstatus",level:4}],d={toc:u};function k(t){let{components:e,...a}=t;return(0,l.kt)("wrapper",(0,n.Z)({},d,a,{components:e,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"custom-resources-spec"},"Custom Resources Spec"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepo"},"GitRepo")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporestriction"},"GitRepoRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundle"},"Bundle")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeployment"},"BundleDeployment")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlenamespacemapping"},"BundleNamespaceMapping")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#content"},"Content")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescan"},"ImageScan")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#cluster"},"Cluster")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroup"},"ClusterGroup")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistration"},"ClusterRegistration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtoken"},"ClusterRegistrationToken"))),(0,l.kt)("h1",{id:"sub-resources"},"Sub Resources"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesource"},"GitRepoResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#gittarget"},"GitTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourceperclusterstate"},"ResourcePerClusterState")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleref"},"BundleRef")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundleresource"},"BundleResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletarget"},"BundleTarget")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#bundletargetrestriction"},"BundleTargetRestriction")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#comparepatch"},"ComparePatch")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#localobjectreference"},"LocalObjectReference")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#modifiedstatus"},"ModifiedStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadyresource"},"NonReadyResource")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#nonreadystatus"},"NonReadyStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#operation"},"Operation")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partition"},"Partition")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#partitionstatus"},"PartitionStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#resourcekey"},"ResourceKey")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#valuesfrom"},"ValuesFrom")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#commitspec"},"CommitSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"#clusterstatus"},"ClusterStatus"))),(0,l.kt)("h4",{id:"gitrepo"},"GitRepo"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepospec"},"GitRepoSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepostatus"},"GitRepoStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepodisplay"},"GitRepoDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundleDeployments"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesource"},"GitRepoResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"type"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"id"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"incompleteState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"perClusterState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourcePerClusterState]","(#resourceperclusterstate)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporesourcecounts"},"GitRepoResourceCounts"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"orphaned"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unknown"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitreporestriction"},"GitRepoRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultServiceAccount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedServiceAccounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedRepoPatterns"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultClientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedClientSecretNames"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"allowedTargetNamespaces"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepospec"},"GitRepoSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is a URL to a git repo to clone and index"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"branch"),(0,l.kt)("td",{parentName:"tr",align:null},"Branch The git branch to follow"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"revision"),(0,l.kt)("td",{parentName:"tr",align:null},"Revision A specific commit or tag to operate on"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"Ensure that all resources are created in this namespace Any cluster scoped resource will be rejected if this is set Additionally this namespace will be created on demand"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},'ClientSecretName is the client secret to be used to connect to the repo It is expected the secret be of type \\"kubernetes.io/basic-auth\\" or \\"kubernetes.io/ssh-auth\\".'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmSecretName"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmSecretName contains the auth secret for private helm repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helmRepoURLRegex"),(0,l.kt)("td",{parentName:"tr",align:null},"HelmRepoURLRegex Helm credentials will be used if the helm repo matches this regex Credentials will always be used if this is empty or not provided"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"caBundle"),(0,l.kt)("td",{parentName:"tr",align:null},"CABundle is a PEM encoded CA bundle which will be used to validate the repo's certificate."),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"insecureSkipTLSVerify"),(0,l.kt)("td",{parentName:"tr",align:null},"InsecureSkipTLSverify will use insecure HTTPS to clone the repo."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paths"),(0,l.kt)("td",{parentName:"tr",align:null},"Paths is the directories relative to the git repo root that contain resources to be applied. Path globbing is support, for example ",'[\\"charts/*\\"]',' will match all folders as a subdirectory of charts/ If empty, \\"/\\" is the default'),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused this cause changes in Git to not be propagated down to the clusters but instead mark resources as OutOfSync"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount used in the downstream cluster for deployment"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets is a list of target this repo will deploy to"),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitTarget]","(#gittarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pollingInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"PollingInterval is how often to check git for new updates"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"Increment this number to force a redeployment of contents from Git"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanInterval"),(0,l.kt)("td",{parentName:"tr",align:null},"ImageScanInterval is the interval of syncing scanned images and writing back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"imageScanCommit"),(0,l.kt)("td",{parentName:"tr",align:null},"Commit specifies how to commit to the git repo when new image is scanned and write back to git repo"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#commitspec"},"CommitSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources specifies if the resources created must be kept after deleting the GitRepo"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gitrepostatus"},"GitRepoStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"commit"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitJobStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitrepodisplay"},"GitRepoDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][GitRepoResource]","(#gitreporesource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceErrors"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSyncedImageScanTime"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"gittarget"},"GitTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourceperclusterstate"},"ResourcePerClusterState"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"error"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"transitioning"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterId"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundle"},"Bundle"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlespec"},"BundleSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlestatus"},"BundleStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeployment"},"BundleDeployment"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentspec"},"BundleDeploymentSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentstatus"},"BundleDeploymentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentdisplay"},"BundleDeploymentDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deployed"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"monitored"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentoptions"},"BundleDeploymentOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"defaultNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"DefaultNamespace is the namespace to use for resources that do not specify a namespace. This field is not used to enforce or lock down the deployment to a specific namespace."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetNamespace if present will assign all resource to this namespace and if any cluster scoped resource exists the deployment will fail."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kustomize"),(0,l.kt)("td",{parentName:"tr",align:null},"Kustomize options for the deployment, like the dir containing the kustomization.yaml file."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#kustomizeoptions"},"KustomizeOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"helm"),(0,l.kt)("td",{parentName:"tr",align:null},"Helm options for the deployment, like the chart name, repo and values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#helmoptions"},"HelmOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"serviceAccount"),(0,l.kt)("td",{parentName:"tr",align:null},"ServiceAccount which will be used to perform this deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"forceSyncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"ForceSyncGeneration is used to force a redeployment"),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"yaml"),(0,l.kt)("td",{parentName:"tr",align:null},"YAML options, if using raw YAML these are names that map to overlays/{name} that will be used to replace or patch a resource."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#yamloptions"},"YAMLOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"diff"),(0,l.kt)("td",{parentName:"tr",align:null},"Diff can be used to ignore the modified state of objects which are amended at runtime."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#diffoptions"},"DiffOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"keepResources"),(0,l.kt)("td",{parentName:"tr",align:null},"KeepResources can be used to keep the deployed resources when removing the bundle"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentspec"},"BundleDeploymentSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"stagedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"options"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"deploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledeploymentstatus"},"BundleDeploymentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"appliedDeploymentID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"release"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonModified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentdisplay"},"BundleDeploymentDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"syncGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundledisplay"},"BundleDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlenamespacemapping"},"BundleNamespaceMapping"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespaceSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleref"},"BundleRef"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundleresource"},"BundleResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"encoding"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlespec"},"BundleSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated. It will be marked as out of sync."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"rolloutStrategy"),(0,l.kt)("td",{parentName:"tr",align:null},"RolloutStrategy controls the rollout of bundles, by defining partitions, canaries and percentages for cluster availability."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#rolloutstrategy"},"RolloutStrategy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resources"),(0,l.kt)("td",{parentName:"tr",align:null},"Resources contain the actual resources from the git repo which will be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleResource]","(#bundleresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targets"),(0,l.kt)("td",{parentName:"tr",align:null},"Targets refer to the clusters which will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTarget]","(#bundletarget)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"targetRestrictions"),(0,l.kt)("td",{parentName:"tr",align:null},"TargetRestrictions restrict which clusters the bundle will be deployed to."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleTargetRestriction]","(#bundletargetrestriction)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dependsOn"),(0,l.kt)("td",{parentName:"tr",align:null},"DependsOn refers to the bundles which must be ready before this bundle can be deployed."),(0,l.kt)("td",{parentName:"tr",align:null},"[][BundleRef]","(#bundleref)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlestatus"},"BundleStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"newlyCreated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxNew"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][PartitionStatus]","(#partitionstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledisplay"},"BundleDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceKey"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ResourceKey]","(#resourcekey)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundlesummary"},"BundleSummary"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"notReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"errApplied"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"outOfSync"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modified"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ready"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"pending"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReady"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyResources"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyResource]","(#nonreadyresource)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletarget"},"BundleTarget"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"BundleDeploymentOptions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundledeploymentoptions"},"BundleDeploymentOptions")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"bundletargetrestriction"},"BundleTargetRestriction"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"comparepatch"},"ComparePatch"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"operations"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Operation]","(#operation)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"jsonPointers"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"configmapkeyselector"},"ConfigMapKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"content"},"Content"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"content"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]byte"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"diffoptions"},"DiffOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"comparePatches"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ComparePatch]","(#comparepatch)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"helmoptions"},"HelmOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"chart"),(0,l.kt)("td",{parentName:"tr",align:null},"Chart can refer to any go-getter URL or OCI registry based helm chart URL. The chart will be downloaded."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"repo"),(0,l.kt)("td",{parentName:"tr",align:null},"Repo is the name of the HTTPS helm repo to download the chart from."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"releaseName"),(0,l.kt)("td",{parentName:"tr",align:null},"ReleaseName sets a custom release name to deploy the chart as. If not specified a release name will be generated by combining the invoking GitRepo.name + GitRepo.path."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"version"),(0,l.kt)("td",{parentName:"tr",align:null},"Version of the chart to download"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"TimeoutSeconds is the time to wait for Helm operations."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"values"),(0,l.kt)("td",{parentName:"tr",align:null},"Values passed to Helm. It is possible to specify the keys and values as go template strings."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFrom"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFrom loads the values from configmaps and secrets."),(0,l.kt)("td",{parentName:"tr",align:null},"[][ValuesFrom]","(#valuesfrom)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"force"),(0,l.kt)("td",{parentName:"tr",align:null},"Force allows to override immutable resources. This could be dangerous."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"takeOwnership"),(0,l.kt)("td",{parentName:"tr",align:null},"TakeOwnership makes helm skip the check for its own annotations"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxHistory"),(0,l.kt)("td",{parentName:"tr",align:null},"MaxHistory limits the maximum number of revisions saved per release by Helm."),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"valuesFiles"),(0,l.kt)("td",{parentName:"tr",align:null},"ValuesFiles is a list of files to load values from."),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"waitForJobs"),(0,l.kt)("td",{parentName:"tr",align:null},"WaitForJobs if set and timeoutSeconds provided, will wait until all Jobs have been completed before marking the GitRepo as ready. It will wait for as long as timeoutSeconds"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"atomic"),(0,l.kt)("td",{parentName:"tr",align:null},"Atomic sets the --atomic flag when Helm is performing an upgrade"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"disablePreProcess"),(0,l.kt)("td",{parentName:"tr",align:null},"DisablePreProcess disables template processing in values"),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"kustomizeoptions"},"KustomizeOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"dir"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"localobjectreference"},"LocalObjectReference"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"modifiedstatus"},"ModifiedStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"missing"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"delete"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"patch"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadyresource"},"NonReadyResource"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"bundleState"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"BundleState"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"message"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"modifiedStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][ModifiedStatus]","(#modifiedstatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyStatus"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][NonReadyStatus]","(#nonreadystatus)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"nonreadystatus"},"NonReadyStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"uid"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"types.UID"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"summary.Summary"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"operation"},"Operation"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"op"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"path"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"value"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partition"},"Partition"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroup"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterGroupSelector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"partitionstatus"},"PartitionStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"count"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"unavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"resourcekey"},"ResourceKey"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kind"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"apiVersion"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"name"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"rolloutstrategy"},"RolloutStrategy"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailable"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"maxUnavailablePartitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"autoPartitionSize"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*intstr.IntOrString"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"partitions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[][Partition]","(#partition)"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"secretkeyselector"},"SecretKeySelector"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"key"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"valuesfrom"},"ValuesFrom"),(0,l.kt)("p",null,"Define helm values that can come from configmap, secret or external. Credit: ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439"},"https://github.com/fluxcd/helm-operator/blob/0cfea875b5d44bea995abe7324819432070dfbdc/pkg/apis/helm.fluxcd.io/v1/types_helmrelease.go#L439")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"configMapKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a config map with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#configmapkeyselector"},"ConfigMapKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretKeyRef"),(0,l.kt)("td",{parentName:"tr",align:null},"The reference to a secret with release values."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#secretkeyselector"},"SecretKeySelector")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"yamloptions"},"YAMLOptions"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"overlays"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"alphabeticalpolicy"},"AlphabeticalPolicy"),(0,l.kt)("p",null,"AlphabeticalPolicy specifies a alphabetical ordering policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"order"),(0,l.kt)("td",{parentName:"tr",align:null},"Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"commitspec"},"CommitSpec"),(0,l.kt)("p",null,"CommitSpec specifies how to commit changes to the git repository"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorName"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorName gives the name to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"authorEmail"),(0,l.kt)("td",{parentName:"tr",align:null},"AuthorEmail gives the email to provide when making a commit"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"messageTemplate"),(0,l.kt)("td",{parentName:"tr",align:null},"MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagepolicychoice"},"ImagePolicyChoice"),(0,l.kt)("p",null,"ImagePolicyChoice is a union of all the types of policy that can be supplied."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"semver"),(0,l.kt)("td",{parentName:"tr",align:null},"SemVer gives a semantic version range to check against the tags available."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#semverpolicy"},"SemVerPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"alphabetical"),(0,l.kt)("td",{parentName:"tr",align:null},"Alphabetical set of rules to use for alphabetical ordering of the tags."),(0,l.kt)("td",{parentName:"tr",align:null},"*",(0,l.kt)("a",{parentName:"td",href:"#alphabeticalpolicy"},"AlphabeticalPolicy")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescan"},"ImageScan"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanspec"},"ImageScanSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagescanstatus"},"ImageScanStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanspec"},"ImageScanSpec"),(0,l.kt)("p",null,"API is taken from ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/fluxcd/image-reflector-controller"},"https://github.com/fluxcd/image-reflector-controller")),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"tagName"),(0,l.kt)("td",{parentName:"tr",align:null},"TagName is the tag ref that needs to be put in manifest to replace fields"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"gitrepoName"),(0,l.kt)("td",{parentName:"tr",align:null},"GitRepo reference name"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"image"),(0,l.kt)("td",{parentName:"tr",align:null},"Image is the name of the image repository"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"interval"),(0,l.kt)("td",{parentName:"tr",align:null},"Interval is the length of time to wait between scans of the image repository."),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretRef"),(0,l.kt)("td",{parentName:"tr",align:null},"SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with ",(0,l.kt)("inlineCode",{parentName:"td"},"kubectl create secret docker-registry"),", or the equivalent."),(0,l.kt)("td",{parentName:"tr",align:null},"*corev1.LocalObjectReference"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"suspend"),(0,l.kt)("td",{parentName:"tr",align:null},"This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"policy"),(0,l.kt)("td",{parentName:"tr",align:null},"Policy gives the particulars of the policy to be followed in selecting the most recent image"),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#imagepolicychoice"},"ImagePolicyChoice")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"imagescanstatus"},"ImageScanStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastScanTime"),(0,l.kt)("td",{parentName:"tr",align:null},"LastScanTime is the last time image was scanned"),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestImage"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestTag"),(0,l.kt)("td",{parentName:"tr",align:null},"Latest tag is the latest tag filtered by the policy"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"latestDigest"),(0,l.kt)("td",{parentName:"tr",align:null},"LatestDigest is the digest of latest tag"),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"observedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"canonicalImageName"),(0,l.kt)("td",{parentName:"tr",align:null},"CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., ",(0,l.kt)("inlineCode",{parentName:"td"},"docker.io/library/alpine")," rather than ",(0,l.kt)("inlineCode",{parentName:"td"},"alpine"),"."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"semverpolicy"},"SemVerPolicy"),(0,l.kt)("p",null,"SemVerPolicy specifies a semantic version policy."),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"range"),(0,l.kt)("td",{parentName:"tr",align:null},"Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"agentstatus"},"AgentStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"lastSeen"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodeNames"),(0,l.kt)("td",{parentName:"tr",align:null},"At most 3 nodes"),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"cluster"},"Cluster"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterspec"},"ClusterSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterstatus"},"ClusterStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterdisplay"},"ClusterDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyNodes"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"sampleNode"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroup"},"ClusterGroup"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupspec"},"ClusterGroupSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupstatus"},"ClusterGroupStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"true")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupdisplay"},"ClusterGroupDisplay"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyBundles"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"state"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupspec"},"ClusterGroupSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"selector"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.LabelSelector"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clustergroupstatus"},"ClusterGroupStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusterCount"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"nonReadyClusters"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clustergroupdisplay"},"ClusterGroupDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistration"},"ClusterRegistration"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationspec"},"ClusterRegistrationSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationstatus"},"ClusterRegistrationStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationspec"},"ClusterRegistrationSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientRandom"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterLabels"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"map","[string]","string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationstatus"},"ClusterRegistrationStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clusterName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"granted"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtoken"},"ClusterRegistrationToken"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"metadata"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"metav1.ObjectMeta"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"spec"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"status"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenspec"},"ClusterRegistrationTokenSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"ttl"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Duration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterregistrationtokenstatus"},"ClusterRegistrationTokenStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"expires"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*metav1.Time"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"secretName"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterspec"},"ClusterSpec"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"paused"),(0,l.kt)("td",{parentName:"tr",align:null},"Paused if set to true, will stop any BundleDeployments from being updated."),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"clientID"),(0,l.kt)("td",{parentName:"tr",align:null},"ClientID is a unique string that will identify the cluster. It can either be predefined, or generated when importing the cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"kubeConfigSecret"),(0,l.kt)("td",{parentName:"tr",align:null},"KubeConfigSecret is the name of the secret containing the kubeconfig for the downstream cluster."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"redeployAgentGeneration"),(0,l.kt)("td",{parentName:"tr",align:null},"RedeployAgentGeneration can be used to force redeploying the agent."),(0,l.kt)("td",{parentName:"tr",align:null},"int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVars"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentEnvVars are extra environment variables to be added to the agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.EnvVar"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespace"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentNamespace defaults to the system namespace, e.g. cattle-fleet-system."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"privateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null},"PrivateRepoURL prefixes the image name and overrides a global repo URL from the agents config."),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"templateValues"),(0,l.kt)("td",{parentName:"tr",align:null},"TemplateValues defines a cluster specific mapping of values to be sent to fleet.yaml values templating."),(0,l.kt)("td",{parentName:"tr",align:null},"*GenericMap"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentTolerations"),(0,l.kt)("td",{parentName:"tr",align:null},"AgentTolerations defines an extra set of Tolerations to be added to the Agent deployment."),(0,l.kt)("td",{parentName:"tr",align:null},"[]v1.Toleration"),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")),(0,l.kt)("h4",{id:"clusterstatus"},"ClusterStatus"),(0,l.kt)("table",null,(0,l.kt)("thead",{parentName:"table"},(0,l.kt)("tr",{parentName:"thead"},(0,l.kt)("th",{parentName:"tr",align:null},"Field"),(0,l.kt)("th",{parentName:"tr",align:null},"Description"),(0,l.kt)("th",{parentName:"tr",align:null},"Scheme"),(0,l.kt)("th",{parentName:"tr",align:null},"Required"))),(0,l.kt)("tbody",{parentName:"table"},(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"conditions"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"[]genericcondition.GenericCondition"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"namespace"),(0,l.kt)("td",{parentName:"tr",align:null},'Namespace is the cluster namespace, it contains the clusters service account as well as any bundledeployments. Example: \\"cluster-fleet-local-cluster-294db1acfa77-d9ccf852678f\\"'),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"summary"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#bundlesummary"},"BundleSummary")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"resourceCounts"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#gitreporesourcecounts"},"GitRepoResourceCounts")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"readyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"desiredReadyGitRepos"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"int"),(0,l.kt)("td",{parentName:"tr",align:null},"true")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentEnvVarsHash"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentPrivateRepoURL"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"string"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentDeployedGeneration"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"*int64"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agentNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"cattleNamespaceMigrated"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},"bool"),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"display"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#clusterdisplay"},"ClusterDisplay")),(0,l.kt)("td",{parentName:"tr",align:null},"false")),(0,l.kt)("tr",{parentName:"tbody"},(0,l.kt)("td",{parentName:"tr",align:null},"agent"),(0,l.kt)("td",{parentName:"tr",align:null}),(0,l.kt)("td",{parentName:"tr",align:null},(0,l.kt)("a",{parentName:"td",href:"#agentstatus"},"AgentStatus")),(0,l.kt)("td",{parentName:"tr",align:null},"false")))),(0,l.kt)("p",null,(0,l.kt)("a",{parentName:"p",href:"#custom-resources"},"Back to Custom Resources")))}k.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f6748474.360e68bc.js b/assets/js/f6748474.a04324b6.js similarity index 96% rename from assets/js/f6748474.360e68bc.js rename to assets/js/f6748474.a04324b6.js index bc054e26e..c61dcd606 100644 --- a/assets/js/f6748474.360e68bc.js +++ b/assets/js/f6748474.a04324b6.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4339],{3905:(e,t,r)=>{r.d(t,{Zo:()=>u,kt:()=>g});var n=r(7294);function i(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(i[r]=e[r]);return i}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(i[r]=e[r])}return i}var l=n.createContext({}),c=function(e){var t=n.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},u=function(e){var t=c(e.components);return n.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,i=e.mdxType,a=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(r),g=i,m=d["".concat(l,".").concat(g)]||d[g]||p[g]||a;return r?n.createElement(m,o(o({ref:t},u),{},{components:r})):n.createElement(m,o({ref:t},u))}));function g(e,t){var r=arguments,i=t&&t.mdxType;if("string"==typeof e||i){var a=r.length,o=new Array(a);o[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:i,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>l,contentTitle:()=>o,default:()=>p,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var n=r(7462),i=(r(7294),r(3905));const a={},o="Overview",s={unversionedId:"cluster-overview",id:"version-0.4/cluster-overview",title:"Overview",description:"There are two specific styles to registering clusters. These styles will be referred",source:"@site/versioned_docs/version-0.4/cluster-overview.md",sourceDirName:".",slug:"/cluster-overview",permalink:"/0.4/cluster-overview",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/cluster-overview.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Examples",permalink:"/0.4/examples"},next:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"}},l={},c=[{value:"Agent Initiated Registration",id:"agent-initiated-registration",level:2},{value:"Manager Initiated Registration",id:"manager-initiated-registration",level:2}],u={toc:c};function p(e){let{components:t,...r}=e;return(0,i.kt)("wrapper",(0,n.Z)({},u,r,{components:t,mdxType:"MDXLayout"}),(0,i.kt)("h1",{id:"overview"},"Overview"),(0,i.kt)("p",null,"There are two specific styles to registering clusters. These styles will be referred\nto as ",(0,i.kt)("strong",{parentName:"p"},"agent initiated")," and ",(0,i.kt)("strong",{parentName:"p"},"manager initiated")," registration. Typically one would\ngo with the agent initiated registration but there are specific use cases in which\nmanager initiated is a better workflow."),(0,i.kt)("h2",{id:"agent-initiated-registration"},"Agent Initiated Registration"),(0,i.kt)("p",null,"Agent initiated refers to a pattern in which the downstream cluster installs an agent with a\n",(0,i.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token")," and optionally a client ID. The cluster\nagent will then make a API request to the Fleet manager and initiate the registration process. Using\nthis process the Manager will never make an outbound API request to the downstream clusters and will thus\nnever need to have direct network access. The downstream cluster only needs to make outbound HTTPS\ncalls to the manager."),(0,i.kt)("h2",{id:"manager-initiated-registration"},"Manager Initiated Registration"),(0,i.kt)("p",null,"Manager initiated registration is a process in which you register an existing Kubernetes cluster\nwith the Fleet manager and the Fleet manager will make an API call to the downstream cluster to\ndeploy the agent. This style can place additional network access requirements because the Fleet\nmanager must be able to communicate with the downstream cluster API server for the registration process.\nAfter the cluster is registered there is no further need for the manager to contact the downstream\ncluster API. This style is more compatible if you wish to manage the creation of all your Kubernetes\nclusters through GitOps using something like ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/kubernetes-sigs/cluster-api"},"cluster-api"),"\nor ",(0,i.kt)("a",{parentName:"p",href:"https://github.com/rancher/rancher"},"Rancher"),"."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f7c88408.cf7d1a26.js b/assets/js/f7c88408.d5e385f8.js similarity index 98% rename from assets/js/f7c88408.cf7d1a26.js rename to assets/js/f7c88408.d5e385f8.js index 0e545f8d3..b121c970e 100644 --- a/assets/js/f7c88408.cf7d1a26.js +++ b/assets/js/f7c88408.d5e385f8.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4235],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.6/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.6/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.6/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/multi-user.md",tags:[],version:"0.6",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.6/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[4235],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>d});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function s(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function l(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var i=r.createContext({}),c=function(e){var t=r.useContext(i),n=t;return e&&(n="function"==typeof e?e(t):l(l({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},m=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,s=e.originalType,i=e.parentName,p=o(e,["components","mdxType","originalType","parentName"]),m=c(n),d=a,h=m["".concat(i,".").concat(d)]||m[d]||u[d]||s;return n?r.createElement(h,l(l({ref:t},p),{},{components:n})):r.createElement(h,l({ref:t},p))}));function d(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var s=n.length,l=new Array(s);l[0]=m;var o={};for(var i in t)hasOwnProperty.call(t,i)&&(o[i]=t[i]);o.originalType=e,o.mdxType="string"==typeof e?e:a,l[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>l,default:()=>u,frontMatter:()=>s,metadata:()=>o,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const s={},l="Setup Multi User",o={unversionedId:"multi-user",id:"version-0.6/multi-user",title:"Setup Multi User",description:"Fleet uses Kubernetes RBAC where possible.",source:"@site/versioned_docs/version-0.6/multi-user.md",sourceDirName:".",slug:"/multi-user",permalink:"/0.6/multi-user",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.6/multi-user.md",tags:[],version:"0.6",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Create Cluster Groups",permalink:"/0.6/cluster-group"},next:{title:"Create a GitRepo Resource",permalink:"/0.6/gitrepo-add"}},i={},c=[{value:"Example User",id:"example-user",level:2},{value:"Allow Access to Clusters",id:"allow-access-to-clusters",level:2},{value:"Restricting Access to Downstream Clusters",id:"restricting-access-to-downstream-clusters",level:2},{value:"An Example GitRepo Resource",id:"an-example-gitrepo-resource",level:2}],p={toc:c};function u(e){let{components:t,...s}=e;return(0,a.kt)("wrapper",(0,r.Z)({},p,s,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"setup-multi-user"},"Setup Multi User"),(0,a.kt)("p",null,"Fleet uses Kubernetes RBAC where possible."),(0,a.kt)("p",null,"One addition on top of RBAC is the ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#restricting-gitrepos"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepoRestriction"))," resource, which can be used to control GitRepo resources in a namespace."),(0,a.kt)("p",null,"A multi-user fleet setup looks like this:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"tenants don't share namespaces, each tenant has one or more namespaces on the\nupstream cluster, where they can create GitRepo resources"),(0,a.kt)("li",{parentName:"ul"},"tenants can't deploy cluster wide resources and are limited to a set of\nnamespaces on downstream clusters"),(0,a.kt)("li",{parentName:"ul"},"clusters are in a separate namespace")),(0,a.kt)("p",null,(0,a.kt)("img",{alt:"Shared Clusters",src:n(9497).Z,width:"2488",height:"1769"})),(0,a.kt)("admonition",{title:"important information",type:"warning"},(0,a.kt)("p",{parentName:"admonition"},"The isolation of tenants is not complete and relies on Kubernetes RBAC to be\nset up correctly. Without manual setup from an operator tenants can still\ndeploy cluster wide resources. Even with the available Fleet restrictions,\nusers are only restricted to namespaces, but namespaces don't provide much\nisolation on their own. E.g. they can still consume as many resources as they\nlike."),(0,a.kt)("p",{parentName:"admonition"},"However, the existing Fleet restrictions allow users to share clusters, and\ndeploy resources without conflicts.")),(0,a.kt)("h2",{id:"example-user"},"Example User"),(0,a.kt)("p",null,"This would create a user 'fleetuser', who can only manage GitRepo resources in the 'project1' namespace."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create serviceaccount fleetuser\nkubectl create namespace project1\nkubectl create -n project1 role fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --role=fleetuser\n")),(0,a.kt)("p",null,"If we want to give access to multiple namespaces, we can use a single cluster role with two role bindings:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kubectl create clusterrole fleetuser --verb=get --verb=list --verb=create --verb=delete --resource=gitrepos.fleet.cattle.io\nkubectl create -n project1 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\nkubectl create -n project2 rolebinding fleetuser --serviceaccount=default:fleetuser --clusterrole=fleetuser\n")),(0,a.kt)("p",null,"This makes sure, tenants can't interfere with GitRepo resources from other tenants, since they don't have access to their namespaces."),(0,a.kt)("h2",{id:"allow-access-to-clusters"},"Allow Access to Clusters"),(0,a.kt)("p",null,"This assumes all GitRepos created by 'fleetuser' have the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label. Different labels could be used, to select different cluster namespaces."),(0,a.kt)("p",null,"In each of the user's namespaces, as an admin create a ",(0,a.kt)("a",{parentName:"p",href:"/0.6/namespaces#cross-namespace-deployments"},(0,a.kt)("inlineCode",{parentName:"a"},"BundleNamespaceMapping")),"."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: mapping\n namespace: project1\n\n# Bundles to match by label.\n# The labels are defined in the fleet.yaml # labels field or from the\n# GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n team: one\n # or target one repo\n #fleet.cattle.io/repo-name: simpleapp\n\n# Namespaces, containing clusters, to match by label\nnamespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: fleet-default\n # the label is on the namespace\n #workspace: prod\n")),(0,a.kt)("p",null,"The ",(0,a.kt)("a",{parentName:"p",href:"/0.6/gitrepo-targets"},(0,a.kt)("inlineCode",{parentName:"a"},"target")," section")," in the GitRepo resource can be used to deploy only to a subset of the matched clusters."),(0,a.kt)("h2",{id:"restricting-access-to-downstream-clusters"},"Restricting Access to Downstream Clusters"),(0,a.kt)("p",null,"Admins can further restrict tenants by creating a ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," in each of their namespaces."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: project1\n\nallowedTargetNamespaces:\n - project1simpleapp\n")),(0,a.kt)("p",null,"This will deny the creation of cluster wide resources, which may interfere with other tenants and limit the deployment to the 'project1simpleapp' namespace."),(0,a.kt)("h2",{id:"an-example-gitrepo-resource"},"An Example GitRepo Resource"),(0,a.kt)("p",null,"A GitRepo resource created by a tenant, without admin access could look like this:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: simpleapp\n namespace: project1\n labels:\n team: one\n\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - bundle-diffs\n\n targetNamespace: project1simpleapp\n\n # do not match the upstream/local cluster, won't work\n targets:\n - name: dev\n clusterSelector:\n matchLabels:\n env: dev\n")),(0,a.kt)("p",null,"This includes the ",(0,a.kt)("inlineCode",{parentName:"p"},"team: one")," label and and the required ",(0,a.kt)("inlineCode",{parentName:"p"},"targetNamespace"),"."),(0,a.kt)("p",null,"Together with the previous ",(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," it would target all clusters with a ",(0,a.kt)("inlineCode",{parentName:"p"},"env: dev")," label in the 'fleet-default' namespace."),(0,a.kt)("admonition",{type:"note"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," do not work with local clusters, so make sure not to target them.")))}u.isMDXComponent=!0},9497:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetSharedClusters-b68f6c53b43cbb795e4d81cda9ebc2bc.svg"}}]); \ No newline at end of file diff --git a/assets/js/f7cf1511.9bffbbf9.js b/assets/js/f7cf1511.93078c5d.js similarity index 99% rename from assets/js/f7cf1511.9bffbbf9.js rename to assets/js/f7cf1511.93078c5d.js index c8fd44f7a..13d451afc 100644 --- a/assets/js/f7cf1511.9bffbbf9.js +++ b/assets/js/f7cf1511.93078c5d.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5225],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>u});var o=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,o)}return n}function r(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(o=0;o=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var s=o.createContext({}),c=function(e){var t=o.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):r(r({},t),e)),n},p=function(e){var t=c(e.components);return o.createElement(s.Provider,{value:t},e.children)},d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},h=o.forwardRef((function(e,t){var n=e.components,a=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),h=c(n),u=a,m=h["".concat(s,".").concat(u)]||h[u]||d[u]||l;return n?o.createElement(m,r(r({ref:t},p),{},{components:n})):o.createElement(m,r({ref:t},p))}));function u(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=n.length,r=new Array(l);r[0]=h;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:a,r[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var o=n(7462),a=(n(7294),n(3905));const l={},r="Troubleshooting",i={unversionedId:"troubleshooting",id:"version-0.5/troubleshooting",title:"Troubleshooting",description:"This section contains commands and tips to troubleshoot Fleet.",source:"@site/versioned_docs/version-0.5/troubleshooting.md",sourceDirName:".",slug:"/troubleshooting",permalink:"/0.5/troubleshooting",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/troubleshooting.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster and Bundle state",permalink:"/0.5/cluster-bundles-state"},next:{title:"Advanced Users",permalink:"/0.5/advanced-users"}},s={},c=[{value:"How Do I...",id:"how-do-i",level:2},{value:"Fetch the log from fleet-controller?",id:"fetch-the-log-from-fleet-controller",level:3},{value:"Fetch the log from the fleet-agent?",id:"fetch-the-log-from-the-fleet-agent",level:3},{value:"Fetch detailed error logs from GitRepos and Bundles?",id:"fetch-detailed-error-logs-from-gitrepos-and-bundles",level:3},{value:"Check a chart rendering error in Kustomize?",id:"check-a-chart-rendering-error-in-kustomize",level:3},{value:"Check errors about watching or checking out the GitRepo, or about the downloaded Helm repo in fleet.yaml?",id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml",level:3},{value:"Check the status of the fleet-controller?",id:"check-the-status-of-the-fleet-controller",level:3},{value:"Enable debug logging for fleet-controller and fleet-agent?",id:"enable-debug-logging-for-fleet-controller-and-fleet-agent",level:3},{value:"Additional Solutions for Other Fleet Issues",id:"additional-solutions-for-other-fleet-issues",level:2},{value:"Naming conventions for CRDs",id:"naming-conventions-for-crds",level:3},{value:"HTTP secrets in Github",id:"http-secrets-in-github",level:3},{value:"Fleet fails with bad response code: 403",id:"fleet-fails-with-bad-response-code-403",level:3},{value:"Helm chart repo: certificate signed by unknown authority",id:"helm-chart-repo-certificate-signed-by-unknown-authority",level:3},{value:"Fleet deployment stuck in modified state",id:"fleet-deployment-stuck-in-modified-state",level:3},{value:"GitRepo or Bundle stuck in modified state",id:"gitrepo-or-bundle-stuck-in-modified-state",level:3},{value:"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state",id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state",level:3},{value:"What if the cluster is unavailable, or is in a WaitCheckIn state?",id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state",level:3},{value:"GitRepo complains with gzip: invalid header",id:"gitrepo-complains-with-gzip-invalid-header",level:3},{value:"Migrate the local cluster to the Fleet default cluster workspace?",id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace",level:3}],p={toc:c};function d(e){let{components:t,...n}=e;return(0,a.kt)("wrapper",(0,o.Z)({},p,n,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"troubleshooting"},"Troubleshooting"),(0,a.kt)("p",null,"This section contains commands and tips to troubleshoot Fleet."),(0,a.kt)("h2",{id:"how-do-i"},(0,a.kt)("strong",{parentName:"h2"},"How Do I...")),(0,a.kt)("h3",{id:"fetch-the-log-from-fleet-controller"},"Fetch the log from ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"In the local management cluster where the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is deployed, run the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -l app=fleet-controller -n cattle-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-the-log-from-the-fleet-agent"},"Fetch the log from the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Go to each downstream cluster and run the following command for the local cluster with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"# Downstream cluster\n$ kubectl logs -l app=fleet-agent -n cattle-fleet-system\n# Local cluster\n$ kubectl logs -l app=fleet-agent -n cattle-local-fleet-system\n")),(0,a.kt)("h3",{id:"fetch-detailed-error-logs-from-gitrepos-and-bundles"},"Fetch detailed error logs from ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepos")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundles"),"?"),(0,a.kt)("p",null,"Normally, errors should appear in the Rancher UI. However, if there is not enough information displayed about the error there, you can research further by trying one or more of the following as needed:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"For more information about the bundle, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"bundle"),", and the YAML mode will be enabled. "),(0,a.kt)("li",{parentName:"ul"},"For more information about the GitRepo, click on ",(0,a.kt)("inlineCode",{parentName:"li"},"GitRepo"),", then click on ",(0,a.kt)("inlineCode",{parentName:"li"},"View Yaml")," in the upper right of the screen. After viewing the YAML, check ",(0,a.kt)("inlineCode",{parentName:"li"},"status.conditions"),"; a detailed error message should be displayed here."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-controller")," for synching errors."),(0,a.kt)("li",{parentName:"ul"},"Check the ",(0,a.kt)("inlineCode",{parentName:"li"},"fleet-agent")," log in the downstream cluster if you encounter issues when deploying the bundle.")),(0,a.kt)("h3",{id:"check-a-chart-rendering-error-in-kustomize"},"Check a chart rendering error in ",(0,a.kt)("inlineCode",{parentName:"h3"},"Kustomize"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-fleet-controller"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-controller")," logs")," and the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/troubleshooting#fetch-the-log-from-the-fleet-agent"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet-agent")," logs"),"."),(0,a.kt)("h3",{id:"check-errors-about-watching-or-checking-out-the-gitrepo-or-about-the-downloaded-helm-repo-in-fleetyaml"},"Check errors about watching or checking out the ",(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo"),", or about the downloaded Helm repo in ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet.yaml"),"?"),(0,a.kt)("p",null,"Check the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob-controller")," logs using the following command with your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitjob")," pod name filled in:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitjob-pod-name -n cattle-fleet-system\n")),(0,a.kt)("p",null,"Note that there are two containers inside the pod: the ",(0,a.kt)("inlineCode",{parentName:"p"},"step-git-source")," container that clones the git repo, and the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet")," container that applies bundles based on the git repo. "),(0,a.kt)("p",null,"The pods will usually have images named ",(0,a.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," with the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepo")," name as a prefix. Check the logs for these Kubernetes job pods in the local management cluster as follows, filling in your specific ",(0,a.kt)("inlineCode",{parentName:"p"},"gitRepoName")," pod name and namespace:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},"$ kubectl logs -f $gitRepoName-pod-name -n namespace\n")),(0,a.kt)("h3",{id:"check-the-status-of-the-fleet-controller"},"Check the status of the ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller"),"?"),(0,a.kt)("p",null,"You can check the status of the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," pods by running the commands below:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,a.kt)("h3",{id:"enable-debug-logging-for-fleet-controller-and-fleet-agent"},"Enable debug logging for ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-controller")," and ",(0,a.kt)("inlineCode",{parentName:"h3"},"fleet-agent"),"?"),(0,a.kt)("p",null,"Available in Rancher v2.6.3 (Fleet v0.3.8), the ability to enable debug logging has been added."),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Go to the ",(0,a.kt)("strong",{parentName:"li"},"Dashboard"),", then click on the ",(0,a.kt)("strong",{parentName:"li"},"local cluster")," in the left navigation menu "),(0,a.kt)("li",{parentName:"ul"},"Select ",(0,a.kt)("strong",{parentName:"li"},"Apps & Marketplace"),", then ",(0,a.kt)("strong",{parentName:"li"},"Installed Apps")," from the dropdown "),(0,a.kt)("li",{parentName:"ul"},"From there, you will upgrade the Fleet chart with the value ",(0,a.kt)("inlineCode",{parentName:"li"},"debug=true"),". You can also set ",(0,a.kt)("inlineCode",{parentName:"li"},"debugLevel=5")," if desired.")),(0,a.kt)("h2",{id:"additional-solutions-for-other-fleet-issues"},(0,a.kt)("strong",{parentName:"h2"},"Additional Solutions for Other Fleet Issues")),(0,a.kt)("h3",{id:"naming-conventions-for-crds"},"Naming conventions for CRDs"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"For CRD terms like ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepos"),", you must reference the full CRD name. For example, the cluster CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"cluster.fleet.cattle.io"),", and the gitrepo CRD's complete name is ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo.fleet.cattle.io"),".")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"Bundles"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$gitrepoName-$path")," in the same workspace/namespace where the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," was created. Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$path")," is the path directory in the git repository that contains the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle")," (",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml"),").")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("inlineCode",{parentName:"p"},"BundleDeployments"),", which are created from the ",(0,a.kt)("inlineCode",{parentName:"p"},"bundle"),", follow the pattern ",(0,a.kt)("inlineCode",{parentName:"p"},"$bundleName-$clusterName")," in the namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"clusters-$workspace-$cluster-$generateHash"),". Note that ",(0,a.kt)("inlineCode",{parentName:"p"},"$clusterName")," is the cluster to which the bundle will be deployed."))),(0,a.kt)("h3",{id:"http-secrets-in-github"},"HTTP secrets in Github"),(0,a.kt)("p",null,"When testing Fleet with private git repositories, you will notice that HTTP secrets are no longer supported in Github. To work around this issue, follow these steps:"),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},"Create a ",(0,a.kt)("a",{parentName:"li",href:"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token"},"personal access token")," in Github."),(0,a.kt)("li",{parentName:"ol"},"In Rancher, create an HTTP ",(0,a.kt)("a",{parentName:"li",href:"https://rancher.com/docs/rancher/v2.6/en/k8s-in-rancher/secrets/"},"secret")," with your Github username."),(0,a.kt)("li",{parentName:"ol"},"Use your token as the secret.")),(0,a.kt)("h3",{id:"fleet-fails-with-bad-response-code-403"},"Fleet fails with bad response code: 403"),(0,a.kt)("p",null,"If your GitJob returns the error below, the problem may be that Fleet cannot access the Helm repo you specified in your ",(0,a.kt)("a",{parentName:"p",href:"/0.5/gitrepo-structure"},(0,a.kt)("inlineCode",{parentName:"a"},"fleet.yaml")),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-04T09:21:24Z" level=fatal msg="bad response code: 403"\n')),(0,a.kt)("p",null,"Perform the following steps to assess:"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},"Check that your repo is accessible from your dev machine, and that you can download the Helm chart successfully"),(0,a.kt)("li",{parentName:"ul"},"Check that your credentials for the git repo are valid")),(0,a.kt)("h3",{id:"helm-chart-repo-certificate-signed-by-unknown-authority"},"Helm chart repo: certificate signed by unknown authority"),(0,a.kt)("p",null,"If your GitJob returns the error below, you may have added the wrong certificate chain:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'time="2021-11-11T05:55:08Z" level=fatal msg="Get \\"https://helm.intra/virtual-helm/index.yaml\\": x509: certificate signed by unknown authority" \n')),(0,a.kt)("p",null,"Please verify your certificate with the following command:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-bash"},"context=playground-local\nkubectl get secret -n fleet-default helm-repo -o jsonpath=\"{['data']['cacerts']}\" --context $context | base64 -d | openssl x509 -text -noout\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 7a:1e:df:79:5f:b0:e0:be:49:de:11:5e:d9:9c:a9:71\n Signature Algorithm: sha512WithRSAEncryption\n Issuer: C = CH, O = MY COMPANY, CN = NOP Root CA G3\n...\n\n")),(0,a.kt)("h3",{id:"fleet-deployment-stuck-in-modified-state"},"Fleet deployment stuck in modified state"),(0,a.kt)("p",null,'When you deploy bundles to Fleet, some of the components are modified, and this causes the "modified" flag in the Fleet environment.'),(0,a.kt)("p",null,"To ignore the modified flag for the differences between the Helm install generated by ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," and the resource in your cluster, add a ",(0,a.kt)("inlineCode",{parentName:"p"},"diff.comparePatches")," to the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," for your Deployment, as shown in this example:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'defaultNamespace: \nhelm: \n releaseName: \n repo: \n chart: \ndiff: \n comparePatches: \n - apiVersion: apps/v1\n kind: Deployment\n operations:\n - {"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n - {"op":"remove", "path":"/spec/template/spec/nodeSelector"}\n jsonPointers: # jsonPointers allows to ignore diffs at certain json path\n - "/spec/template/spec/priorityClassName"\n - "/spec/template/spec/tolerations" \n')),(0,a.kt)("p",null,"To determine which operations should be removed, observe the logs from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-agent")," on the target cluster. You should see entries similar to the following:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-text"},'level=error msg="bundle monitoring-monitoring: deployment.apps monitoring/monitoring-monitoring-kube-state-metrics modified {\\"spec\\":{\\"template\\":{\\"spec\\":{\\"hostNetwork\\":false}}}}"\n')),(0,a.kt)("p",null,"Based on the above log, you can add the following entry to remove the operation:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-json"},'{"op":"remove", "path":"/spec/template/spec/hostNetwork"}\n')),(0,a.kt)("h3",{id:"gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"h3"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"h3"},"Bundle")," stuck in modified state"),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Modified")," means that there is a mismatch between the actual state and the desired state, the source of truth, which lives in the git repository."),(0,a.kt)("ol",null,(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"Check the ",(0,a.kt)("a",{parentName:"p",href:"/0.5/bundle-diffs"},"bundle diffs documentation")," for more information. ")),(0,a.kt)("li",{parentName:"ol"},(0,a.kt)("p",{parentName:"li"},"You can also force update the ",(0,a.kt)("inlineCode",{parentName:"p"},"gitrepo")," to perform a manual resync. Select ",(0,a.kt)("strong",{parentName:"p"},"GitRepo")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update"),"."))),(0,a.kt)("h3",{id:"bundle-has-a-horizontal-pod-autoscaler-hpa-in-modified-state"},"Bundle has a Horizontal Pod Autoscaler (HPA) in modified state"),(0,a.kt)("p",null,"For bundles with an HPA, the expected state is ",(0,a.kt)("inlineCode",{parentName:"p"},"Modified"),", as the bundle contains fields that differ from the state of the Bundle at deployment - usually ",(0,a.kt)("inlineCode",{parentName:"p"},"ReplicaSet"),"."),(0,a.kt)("p",null,"You must define a patch in the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," to ignore this field according to ",(0,a.kt)("a",{parentName:"p",href:"#gitrepo-or-bundle-stuck-in-modified-state"},(0,a.kt)("inlineCode",{parentName:"a"},"GitRepo")," or ",(0,a.kt)("inlineCode",{parentName:"a"},"Bundle")," stuck in modified state"),"."),(0,a.kt)("p",null,"Here is an example of such a patch for the deployment ",(0,a.kt)("inlineCode",{parentName:"p"},"nginx")," in namespace ",(0,a.kt)("inlineCode",{parentName:"p"},"default"),":"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: nginx\n namespace: default\n operations:\n - {"op": "remove", "path": "/spec/replicas"}\n')),(0,a.kt)("h3",{id:"what-if-the-cluster-is-unavailable-or-is-in-a-waitcheckin-state"},"What if the cluster is unavailable, or is in a ",(0,a.kt)("inlineCode",{parentName:"h3"},"WaitCheckIn")," state?"),(0,a.kt)("p",null,"You will need to re-import and restart the registration process: Select ",(0,a.kt)("strong",{parentName:"p"},"Cluster")," on the left navigation bar, then select ",(0,a.kt)("strong",{parentName:"p"},"Force Update")),(0,a.kt)("admonition",{type:"caution"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"WaitCheckIn status for Rancher v2.5"),":\nThe cluster will show in ",(0,a.kt)("inlineCode",{parentName:"p"},"WaitCheckIn")," status because the ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-controller")," is attempting to communicate with Fleet using the Rancher service IP. However, Fleet must communicate directly with Rancher via the Kubernetes service DNS using service discovery, not through the proxy. For more, see the ",(0,a.kt)("a",{parentName:"p",href:"https://rancher.com/docs/rancher/v2.5/en/installation/other-installation-methods/behind-proxy/install-rancher/#install-rancher"},"Rancher docs"),".")),(0,a.kt)("h3",{id:"gitrepo-complains-with-gzip-invalid-header"},"GitRepo complains with ",(0,a.kt)("inlineCode",{parentName:"h3"},"gzip: invalid header")),(0,a.kt)("p",null,"When you see an error like the one below ..."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-sh"},"Error opening a gzip reader for /tmp/getter154967024/archive: gzip: invalid header\n")),(0,a.kt)("p",null,"... the content of the helm chart is incorrect. Manually download the chart to your local machine and check the content."),(0,a.kt)("h3",{id:"migrate-the-local-cluster-to-the-fleet-default-cluster-workspace"},"Migrate the local cluster to the Fleet default cluster workspace?"),(0,a.kt)("p",null,"Users can create new workspaces and move clusters across workspaces.\nIt's currently not possible to move the local cluster from ",(0,a.kt)("inlineCode",{parentName:"p"},"fleet-local")," to another workspace."))}d.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/f8113afe.86b19a57.js b/assets/js/f8113afe.be384af5.js similarity index 91% rename from assets/js/f8113afe.86b19a57.js rename to assets/js/f8113afe.be384af5.js index 1627d9cac..c52e42295 100644 --- a/assets/js/f8113afe.86b19a57.js +++ b/assets/js/f8113afe.be384af5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>u,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),a=l(6828),r=l(814);const i={},o="Single Cluster Install",c={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},u={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",a.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",a.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[6957],{6828:(e,t,l)=>{l.d(t,{d:()=>s});const s={"v0.5":{fleet:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-0.5.3.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-agent-0.5.3.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.5.3/fleet-crd-0.5.3.tgz"},"v0.6":{fleet:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-0.6.0.tgz",fleetAgent:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-agent-0.6.0.tgz",fleetCRD:"https://github.com/rancher/fleet/releases/download/v0.6.0/fleet-crd-0.6.0.tgz"},next:{kubernetes:"1.20.5"}}},7600:(e,t,l)=>{l.r(t),l.d(t,{assets:()=>c,contentTitle:()=>o,default:()=>p,frontMatter:()=>i,metadata:()=>u,toc:()=>d});var s=l(7462),n=(l(7294),l(3905)),a=l(6828),r=l(814);const i={},o="Single Cluster Install",u={unversionedId:"single-cluster-install",id:"version-0.5/single-cluster-install",title:"Single Cluster Install",description:"In this use case you have only one cluster. The cluster will run both the Fleet",source:"@site/versioned_docs/version-0.5/single-cluster-install.md",sourceDirName:".",slug:"/single-cluster-install",permalink:"/0.5/single-cluster-install",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/single-cluster-install.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Installation",permalink:"/0.5/installation"},next:{title:"Multi Cluster Install",permalink:"/0.5/multi-cluster-install"}},c={},d=[{value:"Prerequisites",id:"prerequisites",level:2},{value:"Helm 3",id:"helm-3",level:3},{value:"Kubernetes",id:"kubernetes",level:3},{value:"Install",id:"install",level:2}],h={toc:d};function p(e){let{components:t,...i}=e;return(0,n.kt)("wrapper",(0,s.Z)({},h,i,{components:t,mdxType:"MDXLayout"}),(0,n.kt)("h1",{id:"single-cluster-install"},"Single Cluster Install"),(0,n.kt)("p",null,(0,n.kt)("img",{src:l(1313).Z,width:"520",height:"279"})),(0,n.kt)("p",null,"In this use case you have only one cluster. The cluster will run both the Fleet\nmanager and the Fleet agent. The cluster will communicate with Git server to\ndeploy resources to this local cluster. This is the simplest setup and very\nuseful for dev/test and small scale setups. This use case is supported as a valid\nuse case for production."),(0,n.kt)("h2",{id:"prerequisites"},"Prerequisites"),(0,n.kt)("h3",{id:"helm-3"},"Helm 3"),(0,n.kt)("p",null,"Fleet is distributed as a Helm chart. Helm 3 is a CLI, has no server side component, and is\nfairly straight forward. To install the Helm 3 CLI follow the\n",(0,n.kt)("a",{parentName:"p",href:"https://helm.sh/docs/intro/install/"},"official install instructions"),". The TL;DR is"),(0,n.kt)("p",null,"macOS"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"brew install helm\n")),(0,n.kt)("p",null,"Windows"),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"choco install kubernetes-helm\n")),(0,n.kt)("h3",{id:"kubernetes"},"Kubernetes"),(0,n.kt)("p",null,"Fleet is a controller running on a Kubernetes cluster so an existing cluster is required. For the\nsingle cluster use case you will install Fleet to the cluster which you intend to manage with GitOps.\nAny Kubernetes community supported version of Kubernetes will work, in practice this means 1.15 or greater."),(0,n.kt)("h2",{id:"install"},"Install"),(0,n.kt)("p",null,"Install the following two Helm charts."),(0,n.kt)("p",null,"First install the Fleet CustomResourcesDefintions."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet-crd"," ",a.d["v0.5"].fleetCRD),(0,n.kt)("p",null,"Second install the Fleet controllers."),(0,n.kt)(r.Z,{language:"bash",mdxType:"CodeBlock"},"helm -n cattle-fleet-system install --create-namespace --wait \\\n fleet"," ",a.d["v0.5"].fleet),(0,n.kt)("p",null,"Fleet should be ready to use now for single cluster. You can check the status of the Fleet controller pods by\nrunning the below commands."),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n cattle-fleet-system logs -l app=fleet-controller\nkubectl -n cattle-fleet-system get pods -l app=fleet-controller\n")),(0,n.kt)("pre",null,(0,n.kt)("code",{parentName:"pre"},"NAME READY STATUS RESTARTS AGE\nfleet-controller-64f49d756b-n57wq 1/1 Running 0 3m21s\n")),(0,n.kt)("p",null,"You can now ",(0,n.kt)("a",{parentName:"p",href:"/0.5/gitrepo-add"},"register some git repos")," in the ",(0,n.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace to start deploying Kubernetes resources."))}p.isMDXComponent=!0},1313:(e,t,l)=>{l.d(t,{Z:()=>s});const s=l.p+"assets/images/single-cluster-72ee1a61547953f123dd741c02cd2017.png"}}]); \ No newline at end of file diff --git a/assets/js/f8909550.4bc5eece.js b/assets/js/f8909550.1a02a79c.js similarity index 98% rename from assets/js/f8909550.4bc5eece.js rename to assets/js/f8909550.1a02a79c.js index 2e8c92b29..04449515c 100644 --- a/assets/js/f8909550.4bc5eece.js +++ b/assets/js/f8909550.1a02a79c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[7893],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.4/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.4/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.4/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/namespaces.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.4/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.4/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces have are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fb76c575.c3a37dbe.js b/assets/js/fb76c575.c8fbd0b5.js similarity index 98% rename from assets/js/fb76c575.c3a37dbe.js rename to assets/js/fb76c575.c8fbd0b5.js index e0a44a2ff..2871a4ab2 100644 --- a/assets/js/fb76c575.c3a37dbe.js +++ b/assets/js/fb76c575.c8fbd0b5.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3200],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var o=a.createContext({}),p=function(e){var t=a.useContext(o),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=p(e.components);return a.createElement(o.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},d=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,o=e.parentName,c=s(e,["components","mdxType","originalType","parentName"]),d=p(n),m=l,h=d["".concat(o,".").concat(m)]||d[m]||u[m]||r;return n?a.createElement(h,i(i({ref:t},c),{},{components:n})):a.createElement(h,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=d;var s={};for(var o in t)hasOwnProperty.call(t,o)&&(s[o]=t[o]);s.originalType=e,s.mdxType="string"==typeof e?e:l,i[1]=s;for(var p=2;p{n.r(t),n.d(t,{assets:()=>o,contentTitle:()=>i,default:()=>u,frontMatter:()=>r,metadata:()=>s,toc:()=>p});var a=n(7462),l=(n(7294),n(3905));const r={},i="Agent Initiated",s={unversionedId:"agent-initiated",id:"version-0.4/agent-initiated",title:"Agent Initiated",description:"Refer to the overview page for a background information on the agent initiated registration style.",source:"@site/versioned_docs/version-0.4/agent-initiated.md",sourceDirName:".",slug:"/agent-initiated",permalink:"/0.4/agent-initiated",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/agent-initiated.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Tokens",permalink:"/0.4/cluster-tokens"},next:{title:"Manager Initiated",permalink:"/0.4/manager-initiated"}},o={},p=[{value:"Cluster Registration Token and Client ID",id:"cluster-registration-token-and-client-id",level:2},{value:"Install agent for a new Cluster",id:"install-agent-for-a-new-cluster",level:2},{value:"Install agent for a predefined Cluster",id:"install-agent-for-a-predefined-cluster",level:2}],c={toc:p};function u(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"agent-initiated"},"Agent Initiated"),(0,l.kt)("p",null,"Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-overview#agent-initiated-registration"},"overview page")," for a background information on the agent initiated registration style."),(0,l.kt)("h2",{id:"cluster-registration-token-and-client-id"},"Cluster Registration Token and Client ID"),(0,l.kt)("p",null,"A downstream cluster is registered using the ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," and optionally a ",(0,l.kt)("strong",{parentName:"p"},"client ID")," or ",(0,l.kt)("strong",{parentName:"p"},"cluster labels"),"."),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"cluster registration token")," is a credential that will authorize the downstream cluster agent to be\nable to initiate the registration process. This is required. Refer to the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," for more information\non how to create tokens and obtain the values. The cluster registration token is manifested as a ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file that will\nbe passed to the ",(0,l.kt)("inlineCode",{parentName:"p"},"helm install")," process."),(0,l.kt)("p",null,"There are two styles of registering an agent. You can have the cluster for this agent dynamically created, in which\ncase you will probably want to specify ",(0,l.kt)("strong",{parentName:"p"},"cluster labels")," upon registration. Or you can have the agent register to a predefined\ncluster in the Fleet manager, in which case you will need a ",(0,l.kt)("strong",{parentName:"p"},"client ID"),". The former approach is typically the easiest."),(0,l.kt)("h2",{id:"install-agent-for-a-new-cluster"},"Install agent for a new Cluster"),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. Following are explanations how to determine and set its parameters."),(0,l.kt)("p",null,"First, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," which contains\nthe registration token to authenticate against the Fleet cluster."),(0,l.kt)("p",null,"Second, optionally you can define labels that will assigned to the newly created cluster upon registration. After\nregistration is completed an agent cannot change the labels of the cluster. To add cluster labels add\n",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.KEY=VALUE")," to the below Helm command. To add the labels ",(0,l.kt)("inlineCode",{parentName:"p"},"foo=bar")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"bar=baz")," then you would\nadd ",(0,l.kt)("inlineCode",{parentName:"p"},"--set-string labels.foo=bar --set-string labels.bar=baz")," to the command line."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'# Leave blank if you do not want any labels\nCLUSTER_LABELS="--set-string labels.example=true --set-string labels.env=dev"\n')),(0,l.kt)("p",null,"Third, set variables with the Fleet cluster's API Server URL and CA, for the downstream cluster to use for connecting."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"API_SERVER_URL=https://...\nAPI_SERVER_CA_DATA=...\n")),(0,l.kt)("p",null,"Value in ",(0,l.kt)("inlineCode",{parentName:"p"},"API_SERVER_CA_DATA")," can be obtained from a ",(0,l.kt)("inlineCode",{parentName:"p"},".kube/config")," file with valid data to connect to the upstream cluster\n(under the ",(0,l.kt)("inlineCode",{parentName:"p"},"certificate-authority-data")," key). Alternatively it can be obtained from within the upstream cluster itself,\nby looking up the default ServiceAccount secret name (typically prefixed with ",(0,l.kt)("inlineCode",{parentName:"p"},"default-token-"),", in the default namespace),\nunder the ",(0,l.kt)("inlineCode",{parentName:"p"},"ca.crt")," key."),(0,l.kt)("admonition",{type:"caution"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"warning"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n $CLUSTER_LABELS \\\n --values values.yaml \\\n --set apiServerCA="$API_SERVER_CA_DATA" \\\n --set apiServerURL="$API_SERVER_URL" \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\ncluster-ab13e54400f1 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")),(0,l.kt)("h2",{id:"install-agent-for-a-predefined-cluster"},"Install agent for a predefined Cluster"),(0,l.kt)("p",null,"Client IDs are for the purpose of predefining clusters in the Fleet manager with existing labels and repos targeted to them.\nA client ID is not required and is just one approach to managing clusters.\nThe ",(0,l.kt)("strong",{parentName:"p"},"client ID")," is a unique string that will identify the cluster.\nThis string is user generated and opaque to the Fleet manager and agent. It is assumed to be sufficiently unique. For security reasons one should not be able to easily guess this value\nas then one cluster could impersonate another. The client ID is optional and if not specified the UID field of the ",(0,l.kt)("inlineCode",{parentName:"p"},"kube-system")," namespace\nresource will be used as the client ID. Upon registration if the client ID is found on a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource in the Fleet manager it will associate\nthe agent with that ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". If no ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource is found with that client ID a new ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," resource will be created with the specific\nclient ID."),(0,l.kt)("p",null,"The Fleet agent is installed as a Helm chart. The only parameters to the helm chart installation should be the cluster registration token, which\nis represented by the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file and the client ID. The client ID is optional."),(0,l.kt)("p",null,"First, create a ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," in the Fleet Manager with the random client ID you have chosen."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: Cluster\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: my-cluster\n namespace: clusters\nspec:\n clientID: "really-random"\n')),(0,l.kt)("p",null,"Second, follow the ",(0,l.kt)("a",{parentName:"p",href:"/0.4/cluster-tokens"},"cluster registration token page")," to obtain the ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml")," file to be used."),(0,l.kt)("p",null,"Third, setup your environment to use the client ID."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'CLUSTER_CLIENT_ID="really-random"\n')),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Use proper namespace and release name"),":\nFor the agent chart the namespace must be ",(0,l.kt)("inlineCode",{parentName:"p"},"cattle-fleet-system")," and the release name ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-agent"))),(0,l.kt)("admonition",{type:"note"},(0,l.kt)("p",{parentName:"admonition"},(0,l.kt)("strong",{parentName:"p"},"Ensure you are installing to the right cluster"),":\nHelm will use the default context in ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," to deploy the agent. Use ",(0,l.kt)("inlineCode",{parentName:"p"},"--kubeconfig")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"--kube-context"),"\nto change which cluster Helm is installing to.")),(0,l.kt)("p",null,"Finally, install the agent using Helm."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},'helm -n cattle-fleet-system install --create-namespace --wait \\\n --set clientID="$CLUSTER_CLIENT_ID" \\\n --values values.yaml \\\n fleet-agent https://github.com/rancher/fleet/releases/download/v0.4.1/fleet-agent-v0.4.1.tgz\n')),(0,l.kt)("p",null,"The agent should now be deployed. You can check that status of the fleet pods by running the below commands."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"# Ensure kubectl is pointing to the right cluster\nkubectl -n cattle-fleet-system logs -l app=fleet-agent\nkubectl -n cattle-fleet-system get pods -l app=fleet-agent\n")),(0,l.kt)("p",null,"Additionally you should see a new cluster registered in the Fleet manager. Below is an example of checking that a new cluster\nwas registered in the ",(0,l.kt)("inlineCode",{parentName:"p"},"clusters")," ",(0,l.kt)("a",{parentName:"p",href:"/0.4/namespaces"},"namespace"),". Please ensure your ",(0,l.kt)("inlineCode",{parentName:"p"},"${HOME}/.kube/config")," is pointed to the Fleet\nmanager to run this command."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-shell"},"kubectl -n clusters get clusters.fleet.cattle.io\n")),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"NAME BUNDLES-READY NODES-READY SAMPLE-NODE LAST-SEEN STATUS\nmy-cluster 1/1 1/1 k3d-cluster2-server-0 2020-08-31T19:23:10Z \n")))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fbaf079d.d063dc4c.js b/assets/js/fbaf079d.2bc17f32.js similarity index 98% rename from assets/js/fbaf079d.d063dc4c.js rename to assets/js/fbaf079d.2bc17f32.js index 6212bd722..7402d01c4 100644 --- a/assets/js/fbaf079d.d063dc4c.js +++ b/assets/js/fbaf079d.2bc17f32.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,s=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(s,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:o,r[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>l,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",l={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"}},s={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,"In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto."),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2030],{3905:(e,n,t)=>{t.d(n,{Zo:()=>c,kt:()=>u});var a=t(7294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function i(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function r(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):r(r({},n),e)),t},c=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},d={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,i=e.originalType,s=e.parentName,c=l(e,["components","mdxType","originalType","parentName"]),m=p(t),u=o,h=m["".concat(s,".").concat(u)]||m[u]||d[u]||i;return t?a.createElement(h,r(r({ref:n},c),{},{components:t})):a.createElement(h,r({ref:n},c))}));function u(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var i=t.length,r=new Array(i);r[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l.mdxType="string"==typeof e?e:o,r[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>r,default:()=>d,frontMatter:()=>i,metadata:()=>l,toc:()=>p});var a=t(7462),o=(t(7294),t(3905));const i={},r="Generating Diffs to Ignore Modified GitRepos",l={unversionedId:"bundle-diffs",id:"bundle-diffs",title:"Generating Diffs to Ignore Modified GitRepos",description:"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles.",source:"@site/docs/bundle-diffs.md",sourceDirName:".",slug:"/bundle-diffs",permalink:"/bundle-diffs",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/bundle-diffs.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Mapping to Downstream Clusters",permalink:"/gitrepo-targets"},next:{title:"Using Webhooks Instead of Polling",permalink:"/webhook"}},s={},p=[{value:"Simple Example",id:"simple-example",level:2},{value:"Gatekeeper Example",id:"gatekeeper-example",level:2},{value:"1. ValidatingWebhookConfiguration:",id:"1-validatingwebhookconfiguration",level:3},{value:"2. Deployment gatekeeper-controller-manager:",id:"2-deployment-gatekeeper-controller-manager",level:3},{value:"3. Deployment gatekeeper-audit:",id:"3-deployment-gatekeeper-audit",level:3},{value:"Combining It All Together",id:"combining-it-all-together",level:3}],c={toc:p};function d(e){let{components:n,...i}=e;return(0,o.kt)("wrapper",(0,a.Z)({},c,i,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"generating-diffs-to-ignore-modified-gitrepos"},"Generating Diffs to Ignore Modified GitRepos"),(0,o.kt)("p",null,"Continuous Delivery in Rancher is powered by fleet. When a user adds a GitRepo CR, then Continuous Delivery creates the associated fleet bundles."),(0,o.kt)("p",null,"You can access these bundles by navigating to the Cluster Explorer (Dashboard UI), and selecting the ",(0,o.kt)("inlineCode",{parentName:"p"},"Bundles")," section."),(0,o.kt)("p",null,"The bundled charts may have some objects that are amended at runtime, for example in ValidatingWebhookConfiguration the ",(0,o.kt)("inlineCode",{parentName:"p"},"caBundle")," is empty and the CA cert is injected by the cluster."),(0,o.kt)("p",null,'This leads the status of the bundle and associated GitRepo to be reported as "Modified"'),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(9366).Z,width:"1191",height:"344"})),(0,o.kt)("p",null,"Associated Bundle\n",(0,o.kt)("img",{src:t(6368).Z,width:"1188",height:"420"})),(0,o.kt)("p",null,"Fleet bundles support the ability to specify a custom ",(0,o.kt)("a",{parentName:"p",href:"http://jsonpatch.com/"},"jsonPointer patch"),"."),(0,o.kt)("p",null,"With the patch, users can instruct fleet to ignore object modifications."),(0,o.kt)("h2",{id:"simple-example"},"Simple Example"),(0,o.kt)("p",null,"In this simple example, we create a Service and ConfigMap that we apply a bundle diff onto."),(0,o.kt)("p",null,(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs"},"https://github.com/rancher/fleet-test-data/tree/master/bundle-diffs")),(0,o.kt)("h2",{id:"gatekeeper-example"},"Gatekeeper Example"),(0,o.kt)("p",null,"In this example, we are trying to deploy opa-gatekeeper using Continuous Delivery to our clusters."),(0,o.kt)("p",null,"The opa-gatekeeper bundle associated with the opa GitRepo is in modified state."),(0,o.kt)("p",null,"Each path in the GitRepo CR, has an associated Bundle CR. The user can view the Bundles, and the associated diff needed in the Bundle status."),(0,o.kt)("p",null,"In our case the differences detected are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' summary:\n desiredReady: 1\n modified: 1\n nonReadyResources:\n - bundleState: Modified\n modifiedStatus:\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n patch: \'{"$setElementOrder/webhooks":[{"name":"validation.gatekeeper.sh"},{"name":"check-ignore-label.gatekeeper.sh"}],"webhooks":[{"clientConfig":{"caBundle":"Cg=="},"name":"validation.gatekeeper.sh","rules":[{"apiGroups":["*"],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["*"]}]},{"clientConfig":{"caBundle":"Cg=="},"name":"check-ignore-label.gatekeeper.sh","rules":[{"apiGroups":[""],"apiVersions":["*"],"operations":["CREATE","UPDATE"],"resources":["namespaces"]}]}]}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n patch: \'{"spec":{"template":{"spec":{"$setElementOrder/containers":[{"name":"manager"}],"containers":[{"name":"manager","resources":{"limits":{"cpu":"1000m"}}}],"tolerations":[]}}}}\'\n')),(0,o.kt)("p",null,"Based on this summary, there are three objects which need to be patched."),(0,o.kt)("p",null,"We will look at these one at a time."),(0,o.kt)("h3",{id:"1-validatingwebhookconfiguration"},"1. ValidatingWebhookConfiguration:"),(0,o.kt)("p",null,"The gatekeeper-validating-webhook-configuration validating webhook has two ValidatingWebhooks in its spec."),(0,o.kt)("p",null,"In cases where more than one element in the field requires a patch, that patch will refer these to as ",(0,o.kt)("inlineCode",{parentName:"p"},"$setElementOrder/ELEMENTNAME")),(0,o.kt)("p",null,"From this information, we can see the two ValidatingWebhooks in question are:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' "$setElementOrder/webhooks": [\n {\n "name": "validation.gatekeeper.sh"\n },\n {\n "name": "check-ignore-label.gatekeeper.sh"\n }\n ],\n')),(0,o.kt)("p",null,"Within each ValidatingWebhook, the fields that need to be ignore are as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "validation.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n "*"\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "*"\n ]\n }\n ]\n },\n')),(0,o.kt)("p",null," and"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},' {\n "clientConfig": {\n "caBundle": "Cg=="\n },\n "name": "check-ignore-label.gatekeeper.sh",\n "rules": [\n {\n "apiGroups": [\n ""\n ],\n "apiVersions": [\n "*"\n ],\n "operations": [\n "CREATE",\n "UPDATE"\n ],\n "resources": [\n "namespaces"\n ]\n }\n ]\n }\n')),(0,o.kt)("p",null,"In summary, we need to ignore the fields ",(0,o.kt)("inlineCode",{parentName:"p"},"rules")," and ",(0,o.kt)("inlineCode",{parentName:"p"},"clientConfig.caBundle")," in our patch specification."),(0,o.kt)("p",null,"The field webhook in the ValidatingWebhookConfiguration spec is an array, so we need to address the elements by their index values."),(0,o.kt)("p",null,(0,o.kt)("img",{src:t(1418).Z,width:"1104",height:"837"})),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("h3",{id:"2-deployment-gatekeeper-controller-manager"},"2. Deployment gatekeeper-controller-manager:"),(0,o.kt)("p",null,"The gatekeeper-controller-manager deployment is modified since there are cpu limits and tolerations applied (which are not in the actual bundle)."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"In this case, there is only 1 container in the deployment container spec, and that container has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"3-deployment-gatekeeper-audit"},"3. Deployment gatekeeper-audit:"),(0,o.kt)("p",null,"The gatekeeper-audit deployment is modified in a similarly, to the gatekeeper-controller-manager, with additional cpu limits and tolerations applied."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'{\n "spec": {\n "template": {\n "spec": {\n "$setElementOrder/containers": [\n {\n "name": "manager"\n }\n ],\n "containers": [\n {\n "name": "manager",\n "resources": {\n "limits": {\n "cpu": "1000m"\n }\n }\n }\n ],\n "tolerations": []\n }\n }\n }\n}\n')),(0,o.kt)("p",null,"Similar to gatekeeper-controller-manager, there is only 1 container in the deployments container spec, and that has cpu limits and tolerations added."),(0,o.kt)("p",null,"Based on this information, our diff patch would look as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},' - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n')),(0,o.kt)("h3",{id:"combining-it-all-together"},"Combining It All Together"),(0,o.kt)("p",null,"We can now combine all these patches as follows:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-yaml"},'diff:\n comparePatches:\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-audit\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: apps/v1\n kind: Deployment\n name: gatekeeper-controller-manager\n namespace: cattle-gatekeeper-system\n operations:\n - {"op": "remove", "path": "/spec/template/spec/containers/0/resources/limits/cpu"}\n - {"op": "remove", "path": "/spec/template/spec/tolerations"}\n - apiVersion: admissionregistration.k8s.io/v1\n kind: ValidatingWebhookConfiguration\n name: gatekeeper-validating-webhook-configuration\n operations:\n - {"op": "remove", "path":"/webhooks/0/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/0/rules"}\n - {"op": "remove", "path":"/webhooks/1/clientConfig/caBundle"}\n - {"op": "remove", "path":"/webhooks/1/rules"}\n')),(0,o.kt)("p",null,"We can add these now to the bundle directly to test and also commit the same to the ",(0,o.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," in your GitRepo."),(0,o.kt)("p",null,'Once these are added, the GitRepo should deploy and be in "Active" status.'))}d.isMDXComponent=!0},6368:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedBundle-636a094dc9a854e2cc752ad34fcadd60.png"},9366:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/ModifiedGitRepo-17a5600892cf08e11388c8612131d81d.png"},1418:(e,n,t)=>{t.d(n,{Z:()=>a});const a=t.p+"assets/images/WebhookConfigurationSpec-0721d92eb5e5e87e815ad8fe32242bed.png"}}]); \ No newline at end of file diff --git a/assets/js/fbcf914d.c0bd1746.js b/assets/js/fbcf914d.c9d8ac09.js similarity index 97% rename from assets/js/fbcf914d.c0bd1746.js rename to assets/js/fbcf914d.c9d8ac09.js index 1b7db27ef..71c671097 100644 --- a/assets/js/fbcf914d.c0bd1746.js +++ b/assets/js/fbcf914d.c9d8ac09.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[751],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.8/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.8/index.md",sourceDirName:".",slug:"/",permalink:"/0.8/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/index.md",tags:[],version:"0.8",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.8/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[751],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var r=n(7294);function a(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function o(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function i(e){for(var t=1;t=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var l=r.createContext({}),c=function(e){var t=r.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return r.createElement(l.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,a=e.mdxType,o=e.originalType,l=e.parentName,u=s(e,["components","mdxType","originalType","parentName"]),d=c(n),m=a,f=d["".concat(l,".").concat(m)]||d[m]||p[m]||o;return n?r.createElement(f,i(i({ref:t},u),{},{components:n})):r.createElement(f,i({ref:t},u))}));function m(e,t){var n=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var o=n.length,i=new Array(o);i[0]=d;var s={};for(var l in t)hasOwnProperty.call(t,l)&&(s[l]=t[l]);s.originalType=e,s.mdxType="string"==typeof e?e:a,i[1]=s;for(var c=2;c{n.r(t),n.d(t,{assets:()=>l,contentTitle:()=>i,default:()=>p,frontMatter:()=>o,metadata:()=>s,toc:()=>c});var r=n(7462),a=(n(7294),n(3905));const o={},i="Overview",s={unversionedId:"index",id:"version-0.8/index",title:"Overview",description:"What is Fleet?",source:"@site/versioned_docs/version-0.8/index.md",sourceDirName:".",slug:"/",permalink:"/0.8/",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.8/index.md",tags:[],version:"0.8",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",next:{title:"Quick Start",permalink:"/0.8/quickstart"}},l={},c=[{value:"What is Fleet?",id:"what-is-fleet",level:3},{value:"Configuration Management",id:"configuration-management",level:3}],u={toc:c};function p(e){let{components:t,...o}=e;return(0,a.kt)("wrapper",(0,r.Z)({},u,o,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"overview"},"Overview"),(0,a.kt)("p",null,(0,a.kt)("img",{src:n(5082).Z,width:"1366",height:"960"})),(0,a.kt)("h3",{id:"what-is-fleet"},"What is Fleet?"),(0,a.kt)("ul",null,(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Cluster engine"),": Fleet is a container management and deployment engine designed to offer users more control on the local cluster and constant monitoring through ",(0,a.kt)("strong",{parentName:"p"},"GitOps"),". Fleet focuses not only on the ability to scale, but it also gives users a high degree of control and visibility to monitor exactly what is installed on the cluster.")),(0,a.kt)("li",{parentName:"ul"},(0,a.kt)("p",{parentName:"li"},(0,a.kt)("strong",{parentName:"p"},"Deployment management"),": Fleet can manage deployments from git of raw Kubernetes YAML, Helm charts, Kustomize, or any combination of the three. Regardless of the source, all resources are dynamically turned into Helm charts, and Helm is used as the engine to deploy all resources in the cluster. As a result, users can enjoy a high degree of control, consistency, and auditability of their clusters."))),(0,a.kt)("h3",{id:"configuration-management"},"Configuration Management"),(0,a.kt)("p",null,"Fleet is fundamentally a set of Kubernetes ",(0,a.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/concepts/"},"custom resource definitions (CRDs)")," and controllers that manage GitOps for a single Kubernetes cluster or a large scale deployment of Kubernetes clusters. It is a distributed initialization system that makes it easy to customize applications and manage HA clusters from a single point."))}p.isMDXComponent=!0},5082:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/fleet-architecture-f708ce634648101dc98f451dcd59fe84.svg"}}]); \ No newline at end of file diff --git a/assets/js/fd06576e.8d7f4975.js b/assets/js/fd06576e.5bc22487.js similarity index 98% rename from assets/js/fd06576e.8d7f4975.js rename to assets/js/fd06576e.5bc22487.js index ace4bdf00..a81c9d3a2 100644 --- a/assets/js/fd06576e.8d7f4975.js +++ b/assets/js/fd06576e.5bc22487.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[3667],{3905:(e,t,a)=>{a.d(t,{Zo:()=>c,kt:()=>u});var n=a(7294);function l(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function s(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),a.push.apply(a,n)}return a}function r(e){for(var t=1;t=0||(l[a]=e[a]);return l}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,a)&&(l[a]=e[a])}return l}var o=n.createContext({}),p=function(e){var t=n.useContext(o),a=t;return e&&(a="function"==typeof e?e(t):r(r({},t),e)),a},c=function(e){var t=p(e.components);return n.createElement(o.Provider,{value:t},e.children)},m={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var a=e.components,l=e.mdxType,s=e.originalType,o=e.parentName,c=i(e,["components","mdxType","originalType","parentName"]),d=p(a),u=l,h=d["".concat(o,".").concat(u)]||d[u]||m[u]||s;return a?n.createElement(h,r(r({ref:t},c),{},{components:a})):n.createElement(h,r({ref:t},c))}));function u(e,t){var a=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var s=a.length,r=new Array(s);r[0]=d;var i={};for(var o in t)hasOwnProperty.call(t,o)&&(i[o]=t[o]);i.originalType=e,i.mdxType="string"==typeof e?e:l,r[1]=i;for(var p=2;p{a.r(t),a.d(t,{assets:()=>o,contentTitle:()=>r,default:()=>m,frontMatter:()=>s,metadata:()=>i,toc:()=>p});var n=a(7462),l=(a(7294),a(3905));const s={},r="Namespaces",i={unversionedId:"namespaces",id:"version-0.5/namespaces",title:"Namespaces",description:"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces",source:"@site/versioned_docs/version-0.5/namespaces.md",sourceDirName:".",slug:"/namespaces",permalink:"/0.5/namespaces",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.5/namespaces.md",tags:[],version:"0.5",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Groups",permalink:"/0.5/cluster-group"},next:{title:"Adding a GitRepo",permalink:"/0.5/gitrepo-add"}},o={},p=[{value:"GitRepos, Bundles, Clusters, ClusterGroups",id:"gitrepos-bundles-clusters-clustergroups",level:2},{value:"Namespace Creation Behavior in Bundles",id:"namespace-creation-behavior-in-bundles",level:2},{value:"Special Namespaces",id:"special-namespaces",level:2},{value:"fleet-local",id:"fleet-local",level:3},{value:"cattle-fleet-system",id:"cattle-fleet-system",level:3},{value:"cattle-fleet-clusters-system",id:"cattle-fleet-clusters-system",level:3},{value:"Cluster namespaces",id:"cluster-namespaces",level:3},{value:"Cross namespace deployments",id:"cross-namespace-deployments",level:2},{value:"Restricting GitRepos",id:"restricting-gitrepos",level:2}],c={toc:p};function m(e){let{components:t,...a}=e;return(0,l.kt)("wrapper",(0,n.Z)({},c,a,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"namespaces"},"Namespaces"),(0,l.kt)("p",null,"All types in the Fleet manager are namespaced. The namespaces of the manager types do not correspond to the namespaces\nof the deployed resources in the downstream cluster. Understanding how namespaces are use in the Fleet manager is\nimportant to understand the security model and how one can use Fleet in a multi-tenant fashion."),(0,l.kt)("h2",{id:"gitrepos-bundles-clusters-clustergroups"},"GitRepos, Bundles, Clusters, ClusterGroups"),(0,l.kt)("p",null,"The primary types are all scoped to a namespace. All selectors for ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," targets will be evaluated against\nthe ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroups")," in the same namespaces. This means that if you give ",(0,l.kt)("inlineCode",{parentName:"p"},"create")," or ",(0,l.kt)("inlineCode",{parentName:"p"},"update")," privileges\nto a the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," type in a namespace, that end user can modify the selector to match any cluster in that namespace.\nThis means in practice if you want to have two teams self manage their own ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," registrations but they should\nnot be able to target each others clusters, they should be in different namespaces."),(0,l.kt)("h2",{id:"namespace-creation-behavior-in-bundles"},"Namespace Creation Behavior in Bundles"),(0,l.kt)("p",null,"When deploying a Fleet bundle, the specified namespace will automatically be created if it does not already exist."),(0,l.kt)("h2",{id:"special-namespaces"},"Special Namespaces"),(0,l.kt)("h3",{id:"fleet-local"},"fleet-local"),(0,l.kt)("p",null,"The ",(0,l.kt)("strong",{parentName:"p"},"fleet-local")," namespace is a special namespace used for the single cluster use case or to bootstrap\nthe configuration of the Fleet manager."),(0,l.kt)("p",null,"When fleet is installed the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," namespace is created along with one ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," and one\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," called ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". If no targets are specified on a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),", it is by default targeted to the\n",(0,l.kt)("inlineCode",{parentName:"p"},"ClusterGroup")," named ",(0,l.kt)("inlineCode",{parentName:"p"},"default"),". This means that all ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," created in ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet-local")," will\nautomatically target the ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster"),". The ",(0,l.kt)("inlineCode",{parentName:"p"},"local")," ",(0,l.kt)("inlineCode",{parentName:"p"},"Cluster")," refers to the cluster the Fleet manager is running\non."),(0,l.kt)("h3",{id:"cattle-fleet-system"},"cattle-fleet-system"),(0,l.kt)("p",null,"The Fleet controller and Fleet agent run in this namespace. All service accounts referenced by ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," are expected\nto live in this namespace in the downstream cluster."),(0,l.kt)("h3",{id:"cattle-fleet-clusters-system"},"cattle-fleet-clusters-system"),(0,l.kt)("p",null,"This namespace holds secrets for the cluster registration process. It should contain no other resources in it,\nespecially secrets."),(0,l.kt)("h3",{id:"cluster-namespaces"},"Cluster namespaces"),(0,l.kt)("p",null,"For every cluster that is registered a namespace is created by the Fleet manager for that cluster.\nThese namespaces are named in the form ",(0,l.kt)("inlineCode",{parentName:"p"},"cluster-${namespace}-${cluster}-${random}"),". The purpose of this\nnamespace is that all ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," for that cluster are put into this namespace and\nthen the downstream cluster is given access to watch and update ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployments")," in that namespace only."),(0,l.kt)("h2",{id:"cross-namespace-deployments"},"Cross namespace deployments"),(0,l.kt)("p",null,"It is possible to create a GitRepo that will deploy across namespaces. The primary purpose of this is so that a\ncentral privileged team can manage common configuration for many clusters that are managed by different teams. The way\nthis is accomplished is by creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource in a cluster."),(0,l.kt)("p",null,"If you are creating a ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," resource it is best to do it in a namespace that only contains ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\nand no ",(0,l.kt)("inlineCode",{parentName:"p"},"Clusters"),". It seems to get confusing if you have Clusters in the same repo as the cross namespace ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos")," will still\nalways be evaluated against the current namespace. So if you have clusters in the same namespace you may wish to make them\ncanary clusters."),(0,l.kt)("p",null,"A ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMapping")," has only two fields. Which are as below"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},"kind: BundleNamespaceMapping\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: not-important\n namespace: typically-unique\n\n# Bundles to match by label. The labels are defined in the fleet.yaml\n# labels field or from the GitRepo metadata.labels field\nbundleSelector:\n matchLabels:\n foo: bar\n\n# Namespaces to match by label\nnamespaceSelector:\n matchLabels:\n foo: bar\n")),(0,l.kt)("p",null,"If the ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleNamespaceMappings")," ",(0,l.kt)("inlineCode",{parentName:"p"},"bundleSelector")," field matches a ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundles")," labels then that ",(0,l.kt)("inlineCode",{parentName:"p"},"Bundle")," target criteria will\nbe evaluated against all clusters in all namespaces that match ",(0,l.kt)("inlineCode",{parentName:"p"},"namespaceSelector"),". One can specify labels for the created\nbundles from git by putting labels in the ",(0,l.kt)("inlineCode",{parentName:"p"},"fleet.yaml")," file or on the ",(0,l.kt)("inlineCode",{parentName:"p"},"metadata.labels")," field on the ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo"),"."),(0,l.kt)("h2",{id:"restricting-gitrepos"},"Restricting GitRepos"),(0,l.kt)("p",null,"A namespace can contain multiple ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepoRestriction")," resources. All ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepos"),"\ncreated in that namespace will be checked against the list of restrictions.\nIf a ",(0,l.kt)("inlineCode",{parentName:"p"},"GitRepo")," violates one of the constraints its ",(0,l.kt)("inlineCode",{parentName:"p"},"BundleDeployment")," will be\nin an error state and won't be deployed."),(0,l.kt)("p",null,"This can also be used to set the defaults for GitRepo's ",(0,l.kt)("inlineCode",{parentName:"p"},"serviceAccount")," and ",(0,l.kt)("inlineCode",{parentName:"p"},"clientSecretName")," fields."),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepoRestriction\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: restriction\n namespace: typically-unique\nallowedClientSecretNames: []\nallowedRepoPatterns: []\nallowedServiceAccounts: []\ndefaultClientSecretName: ""\ndefaultServiceAccount: ""\n')))}m.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fd26103c.86f887ad.js b/assets/js/fd26103c.898bac9c.js similarity index 98% rename from assets/js/fd26103c.86f887ad.js rename to assets/js/fd26103c.898bac9c.js index 5f28b76b0..8e61f01fc 100644 --- a/assets/js/fd26103c.86f887ad.js +++ b/assets/js/fd26103c.898bac9c.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[2392],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>m});var n=r(7294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function l(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var i=n.createContext({}),c=function(e){var t=n.useContext(i),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(i.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,l=e.originalType,i=e.parentName,p=s(e,["components","mdxType","originalType","parentName"]),d=c(r),m=a,f=d["".concat(i,".").concat(m)]||d[m]||u[m]||l;return r?n.createElement(f,o(o({ref:t},p),{},{components:r})):n.createElement(f,o({ref:t},p))}));function m(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var l=r.length,o=new Array(l);o[0]=d;var s={};for(var i in t)hasOwnProperty.call(t,i)&&(s[i]=t[i]);s.originalType=e,s.mdxType="string"==typeof e?e:a,o[1]=s;for(var c=2;c{r.r(t),r.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>l,metadata:()=>s,toc:()=>c});var n=r(7462),a=(r(7294),r(3905));const l={},o="Mapping to Downstream Clusters",s={unversionedId:"gitrepo-targets",id:"version-0.4/gitrepo-targets",title:"Mapping to Downstream Clusters",description:"Multi-cluster Only:",source:"@site/versioned_docs/version-0.4/gitrepo-targets.md",sourceDirName:".",slug:"/gitrepo-targets",permalink:"/0.4/gitrepo-targets",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.4/gitrepo-targets.md",tags:[],version:"0.4",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Expected Repo Structure",permalink:"/0.4/gitrepo-structure"},next:{title:"Generating Diffs for Modified GitRepos",permalink:"/0.4/bundle-diffs"}},i={},c=[{value:"Defining targets",id:"defining-targets",level:2},{value:"Target Matching",id:"target-matching",level:2},{value:"Default target",id:"default-target",level:2}],p={toc:c};function u(e){let{components:t,...r}=e;return(0,a.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",{id:"mapping-to-downstream-clusters"},"Mapping to Downstream Clusters"),(0,a.kt)("admonition",{type:"info"},(0,a.kt)("p",{parentName:"admonition"},(0,a.kt)("strong",{parentName:"p"},"Multi-cluster Only"),":\nThis approach only applies if you are running Fleet in a multi-cluster style")),(0,a.kt)("p",null,"When deploying ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepos")," to downstream clusters the clusters must be mapped to a target."),(0,a.kt)("h2",{id:"defining-targets"},"Defining targets"),(0,a.kt)("p",null,"The deployment targets of ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," is done using the ",(0,a.kt)("inlineCode",{parentName:"p"},"spec.targets")," field to\nmatch clusters or cluster groups. The YAML specification is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},'kind: GitRepo\napiVersion: fleet.cattle.io/v1alpha1\nmetadata:\n name: myrepo\n namespace: clusters\nspec:\n repo: https://github.com/rancher/fleet-examples\n paths:\n - simple\n\n # Targets are evaluated in order and the first one to match is used. If\n # no targets match then the evaluated cluster will not be deployed to.\n targets:\n # The name of target. This value is largely for display and logging.\n # If not specified a default name of the format "target000" will be used\n - name: prod\n # A selector used to match clusters. The structure is the standard\n # metav1.LabelSelector format. If clusterGroupSelector or clusterGroup is specified,\n # clusterSelector will be used only to further refine the selection after\n # clusterGroupSelector and clusterGroup is evaluated.\n clusterSelector:\n matchLabels:\n env: prod\n # A selector used to match cluster groups.\n clusterGroupSelector:\n matchLabels:\n region: us-east\n # A specific clusterGroup by name that will be selected\n clusterGroup: group1\n')),(0,a.kt)("h2",{id:"target-matching"},"Target Matching"),(0,a.kt)("p",null,"All clusters and cluster groups in the same namespace as the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be evaluated against all targets.\nIf any of the targets match the cluster then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will be deployed to the downstream cluster. If\nno match is made, then the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," will not be deployed to that cluster."),(0,a.kt)("p",null,'There are three approaches to matching clusters.\nOne can use cluster selectors, cluster group selectors, or an explicit cluster group name. All criteria is additive so\nthe final match is evaluated as "clusterSelector && clusterGroupSelector && clusterGroup". If any of the three have the\ndefault value it is dropped from the criteria. The default value is either null or "". It is important to realize\nthat the value ',(0,a.kt)("inlineCode",{parentName:"p"},"{}"),' for a selector means "match everything."'),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"# Match everything\nclusterSelector: {}\n# Selector ignored\nclusterSelector: null\n")),(0,a.kt)("h2",{id:"default-target"},"Default target"),(0,a.kt)("p",null,"If no target is set for the ",(0,a.kt)("inlineCode",{parentName:"p"},"GitRepo")," then the default targets value is applied. The default targets value is as below."),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre",className:"language-yaml"},"targets:\n- name: default\n clusterGroup: default\n")),(0,a.kt)("p",null,"This means if you wish to setup a default location non-configured GitRepos will go to, then just create a cluster group called default\nand add clusters to it."))}u.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fe67fe92.a4fede24.js b/assets/js/fe67fe92.a4fede24.js new file mode 100644 index 000000000..53fd246bf --- /dev/null +++ b/assets/js/fe67fe92.a4fede24.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1635],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>u});var n=r(7294);function l(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function o(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function a(e){for(var t=1;t=0||(l[r]=e[r]);return l}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(n=0;n=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(l[r]=e[r])}return l}var s=n.createContext({}),c=function(e){var t=n.useContext(s),r=t;return e&&(r="function"==typeof e?e(t):a(a({},t),e)),r},p=function(e){var t=c(e.components);return n.createElement(s.Provider,{value:t},e.children)},f={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},d=n.forwardRef((function(e,t){var r=e.components,l=e.mdxType,o=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(r),u=l,m=d["".concat(s,".").concat(u)]||d[u]||f[u]||o;return r?n.createElement(m,a(a({ref:t},p),{},{components:r})):n.createElement(m,a({ref:t},p))}));function u(e,t){var r=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var o=r.length,a=new Array(o);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:l,a[1]=i;for(var c=2;c{r.r(t),r.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>f,frontMatter:()=>o,metadata:()=>i,toc:()=>c});var n=r(7462),l=(r(7294),r(3905));const o={title:"",sidebar_label:"fleet apply"},a=void 0,i={unversionedId:"cli/fleet-cli/fleet_apply",id:"version-0.9/cli/fleet-cli/fleet_apply",title:"",description:"fleet apply",source:"@site/versioned_docs/version-0.9/cli/fleet-cli/fleet_apply.md",sourceDirName:"cli/fleet-cli",slug:"/cli/fleet-cli/fleet_apply",permalink:"/0.9/cli/fleet-cli/fleet_apply",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.9/cli/fleet-cli/fleet_apply.md",tags:[],version:"0.9",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{title:"",sidebar_label:"fleet apply"},sidebar:"docs",previous:{title:"fleet",permalink:"/0.9/cli/fleet-cli/fleet"},next:{title:"fleet test",permalink:"/0.9/cli/fleet-cli/fleet_test"}},s={},c=[{value:"fleet apply",id:"fleet-apply",level:2},{value:"Options",id:"options",level:3},{value:"Options inherited from parent commands",id:"options-inherited-from-parent-commands",level:3},{value:"SEE ALSO",id:"see-also",level:3}],p={toc:c};function f(e){let{components:t,...r}=e;return(0,l.kt)("wrapper",(0,n.Z)({},p,r,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h2",{id:"fleet-apply"},"fleet apply"),(0,l.kt)("p",null,"Render a bundle into a Kubernetes resource and apply it in the Fleet Manager"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},"fleet apply [flags] BUNDLE_NAME PATH...\n")),(0,l.kt)("h3",{id:"options"},"Options"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"}," -b, --bundle-file string Location of the raw Bundle resource yaml\n --cacerts-file string Path of custom cacerts for helm repo\n --commit string Commit to assign to the bundle\n -c, --compress Force all resources to be compress\n --correct-drift Rollback any change made from outside of Fleet\n --correct-drift-force Use --force when correcting drift. Resources can be deleted and recreated\n --correct-drift-keep-fail-history Keep helm history for failed rollbacks\n --debug Turn on debug logging\n --debug-level int If debugging is enabled, set klog -v=X\n -f, --file string Location of the fleet.yaml\n --helm-credentials-by-path-file string Path of file containing helm credentials for paths\n --helm-repo-url-regex string Helm credentials will be used if the helm repo matches this regex. Credentials will always be used if this is empty or not provided\n -h, --help help for apply\n --keep-resources Keep resources created after the GitRepo or Bundle is deleted\n -l, --label strings Labels to apply to created bundles\n -o, --output string Output contents to file or - for stdout\n --password-file string Path of file containing basic auth password for helm repo\n --paused Create bundles in a paused state\n -a, --service-account string Service account to assign to bundle created\n --ssh-privatekey-file string Path of ssh-private-key for helm repo\n --sync-generation int Generation number used to force sync the deployment\n --target-namespace string Ensure this bundle goes to this target namespace\n --targets-file string Addition source of targets and restrictions to be append\n --username string Basic auth username for helm repo\n")),(0,l.kt)("h3",{id:"options-inherited-from-parent-commands"},"Options inherited from parent commands"),(0,l.kt)("pre",null,(0,l.kt)("code",{parentName:"pre"},' --context string kubeconfig context for authentication\n -k, --kubeconfig string kubeconfig for authentication\n -n, --namespace string namespace (default "fleet-local")\n --system-namespace string System namespace of the controller (default "cattle-fleet-system")\n')),(0,l.kt)("h3",{id:"see-also"},"SEE ALSO"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"./fleet"},"fleet"),"\t -")))}f.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/fe8cb35a.a30107b1.js b/assets/js/fe8cb35a.b3def2b9.js similarity index 97% rename from assets/js/fe8cb35a.a30107b1.js rename to assets/js/fe8cb35a.b3def2b9.js index 61e9f27d4..49d3d5655 100644 --- a/assets/js/fe8cb35a.a30107b1.js +++ b/assets/js/fe8cb35a.b3def2b9.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1886],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.7/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.7/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.7/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-bundle-stages.md",tags:[],version:"0.7",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.7/concepts"},next:{title:"Git Repository Contents",permalink:"/0.7/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.7/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.7/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.7/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[1886],{3905:(e,t,n)=>{n.d(t,{Zo:()=>p,kt:()=>m});var r=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function l(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function a(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var s=r.createContext({}),c=function(e){var t=r.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):a(a({},t),e)),n},p=function(e){var t=c(e.components);return r.createElement(s.Provider,{value:t},e.children)},u={inlineCode:"code",wrapper:function(e){var t=e.children;return r.createElement(r.Fragment,{},t)}},d=r.forwardRef((function(e,t){var n=e.components,o=e.mdxType,l=e.originalType,s=e.parentName,p=i(e,["components","mdxType","originalType","parentName"]),d=c(n),m=o,f=d["".concat(s,".").concat(m)]||d[m]||u[m]||l;return n?r.createElement(f,a(a({ref:t},p),{},{components:n})):r.createElement(f,a({ref:t},p))}));function m(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var l=n.length,a=new Array(l);a[0]=d;var i={};for(var s in t)hasOwnProperty.call(t,s)&&(i[s]=t[s]);i.originalType=e,i.mdxType="string"==typeof e?e:o,a[1]=i;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>a,default:()=>u,frontMatter:()=>l,metadata:()=>i,toc:()=>c});var r=n(7462),o=(n(7294),n(3905));const l={},a="Bundle Lifecycle",i={unversionedId:"ref-bundle-stages",id:"version-0.7/ref-bundle-stages",title:"Bundle Lifecycle",description:"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles.",source:"@site/versioned_docs/version-0.7/ref-bundle-stages.md",sourceDirName:".",slug:"/ref-bundle-stages",permalink:"/0.7/ref-bundle-stages",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/versioned_docs/version-0.7/ref-bundle-stages.md",tags:[],version:"0.7",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Core Concepts",permalink:"/0.7/concepts"},next:{title:"Git Repository Contents",permalink:"/0.7/gitrepo-content"}},s={},c=[],p={toc:c};function u(e){let{components:t,...l}=e;return(0,o.kt)("wrapper",(0,r.Z)({},p,l,{components:t,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"bundle-lifecycle"},"Bundle Lifecycle"),(0,o.kt)("p",null,"A bundle is an internal resource used for the orchestration of resources from git. When a GitRepo is scanned it will produce one or more bundles."),(0,o.kt)("p",null,"To demonstrate the life cycle of a Fleet bundle, we will use ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet-examples/tree/master/multi-cluster/helm"},"multi-cluster/helm")," as a case study."),(0,o.kt)("ol",null,(0,o.kt)("li",{parentName:"ol"},"User will create a ",(0,o.kt)("a",{parentName:"li",href:"/0.7/gitrepo-add#create-gitrepo-instance"},"GitRepo")," that points to the multi-cluster/helm repository."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will sync changes from the GitRepo and detect changes from the polling or ",(0,o.kt)("a",{parentName:"li",href:"/0.7/webhook"},"webhook event"),". With every commit change, the ",(0,o.kt)("inlineCode",{parentName:"li"},"gitjob-controller")," will create a job that clones the git repository, reads content from the repo such as ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet.yaml")," and other manifests, and creates the Fleet ",(0,o.kt)("a",{parentName:"li",href:"/0.7/cluster-bundles-state#bundles"},"bundle"),".")),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},(0,o.kt)("strong",{parentName:"p"},"Note:")," The job pod with the image name ",(0,o.kt)("inlineCode",{parentName:"p"},"rancher/tekton-utils")," will be under the same namespace as the GitRepo.")),(0,o.kt)("ol",{start:3},(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," then syncs changes from the bundle. According to the targets, the ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-controller")," will create ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," resources, which are a combination of a bundle and a target cluster."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will then pull the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," from the Fleet controlplane. The agent deploys bundle manifests as a ",(0,o.kt)("a",{parentName:"li",href:"https://helm.sh/docs/intro/install/"},"Helm chart")," from the ",(0,o.kt)("inlineCode",{parentName:"li"},"BundleDeployment")," into the downstream clusters."),(0,o.kt)("li",{parentName:"ol"},"The ",(0,o.kt)("inlineCode",{parentName:"li"},"fleet-agent")," will continue to monitor the application bundle and report statuses back in the following order: bundledeployment > bundle > GitRepo > cluster.")),(0,o.kt)("p",null,"This diagram shows the different rendering stages a bundle goes through until deployment."),(0,o.kt)("p",null,(0,o.kt)("img",{alt:"Bundle Stages",src:n(5208).Z,width:"711",height:"803"})))}u.isMDXComponent=!0},5208:(e,t,n)=>{n.d(t,{Z:()=>r});const r=n.p+"assets/images/FleetBundleStages-266005b85e14d0b48d2e1067b8641f83.svg"}}]); \ No newline at end of file diff --git a/assets/js/ffe5129d.daa62715.js b/assets/js/ffe5129d.5c164eec.js similarity index 89% rename from assets/js/ffe5129d.daa62715.js rename to assets/js/ffe5129d.5c164eec.js index a967fc0ba..a7798bbec 100644 --- a/assets/js/ffe5129d.daa62715.js +++ b/assets/js/ffe5129d.5c164eec.js @@ -1 +1 @@ -"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>u,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),c=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},u=function(e){var t=c(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,u=o(e,["components","mdxType","originalType","parentName"]),f=c(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||r;return n?a.createElement(d,i(i({ref:t},u),{},{components:n})):a.createElement(d,i({ref:t},u))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var c=2;c{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>c});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1698667110,formattedLastUpdatedAt:"Oct 30, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/ref-registration"},next:{title:"List of Deployed Resources",permalink:"/ref-resources"}},s={},c=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],u={toc:c};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},u,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,l.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,l.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,l.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,l.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file +"use strict";(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[5532],{3905:(e,t,n)=>{n.d(t,{Zo:()=>c,kt:()=>m});var a=n(7294);function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function i(e){for(var t=1;t=0||(l[n]=e[n]);return l}(e,t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(l[n]=e[n])}return l}var s=a.createContext({}),u=function(e){var t=a.useContext(s),n=t;return e&&(n="function"==typeof e?e(t):i(i({},t),e)),n},c=function(e){var t=u(e.components);return a.createElement(s.Provider,{value:t},e.children)},p={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},f=a.forwardRef((function(e,t){var n=e.components,l=e.mdxType,r=e.originalType,s=e.parentName,c=o(e,["components","mdxType","originalType","parentName"]),f=u(n),m=l,d=f["".concat(s,".").concat(m)]||f[m]||p[m]||r;return n?a.createElement(d,i(i({ref:t},c),{},{components:n})):a.createElement(d,i({ref:t},c))}));function m(e,t){var n=arguments,l=t&&t.mdxType;if("string"==typeof e||l){var r=n.length,i=new Array(r);i[0]=f;var o={};for(var s in t)hasOwnProperty.call(t,s)&&(o[s]=t[s]);o.originalType=e,o.mdxType="string"==typeof e?e:l,i[1]=o;for(var u=2;u{n.r(t),n.d(t,{assets:()=>s,contentTitle:()=>i,default:()=>p,frontMatter:()=>r,metadata:()=>o,toc:()=>u});var a=n(7462),l=(n(7294),n(3905));const r={},i="Configuration",o={unversionedId:"ref-configuration",id:"ref-configuration",title:"Configuration",description:"A reference list of, mostly internal, configuration options.",source:"@site/docs/ref-configuration.md",sourceDirName:".",slug:"/ref-configuration",permalink:"/ref-configuration",draft:!1,editUrl:"https://github.com/rancher/fleet-docs/edit/main/docs/ref-configuration.md",tags:[],version:"current",lastUpdatedAt:1700144279,formattedLastUpdatedAt:"Nov 16, 2023",frontMatter:{},sidebar:"docs",previous:{title:"Cluster Registration Internals",permalink:"/ref-registration"},next:{title:"List of Deployed Resources",permalink:"/ref-resources"}},s={},u=[{value:"Helm Charts",id:"helm-charts",level:2},{value:"Environment Variables",id:"environment-variables",level:2},{value:"Configuration",id:"configuration-1",level:2},{value:"Labels",id:"labels",level:2},{value:"Annotations",id:"annotations",level:2},{value:"Fleet agent configuration",id:"fleet-agent-configuration",level:2}],c={toc:u};function p(e){let{components:t,...n}=e;return(0,l.kt)("wrapper",(0,a.Z)({},c,n,{components:t,mdxType:"MDXLayout"}),(0,l.kt)("h1",{id:"configuration"},"Configuration"),(0,l.kt)("p",null,"A reference list of, mostly internal, configuration options."),(0,l.kt)("h2",{id:"helm-charts"},"Helm Charts"),(0,l.kt)("p",null,"The Helm charts accept, at least, the options as shown with their default in ",(0,l.kt)("inlineCode",{parentName:"p"},"values.yaml"),":"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-crds/values.yaml")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"},"https://github.com/rancher/fleet/blob/master/charts/fleet-agent/values.yaml"))),(0,l.kt)("h2",{id:"environment-variables"},"Environment Variables"),(0,l.kt)("p",null,"The controllers can be started with these environment variables:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"CATTLE_DEV_MODE")," - used to debug wrangler, not usable"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CLUSTER_ENQUEUE_DELAY")," - tune how often non-ready clusters are checked"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"FLEET_CPU_PPROF_PERIOD")," - used to turn on ",(0,l.kt)("a",{parentName:"li",href:"https://github.com/rancher/fleet/blob/master/docs/performance.md"},"performance profiling"))),(0,l.kt)("h2",{id:"configuration-1"},"Configuration"),(0,l.kt)("p",null,"In cluster configuration for the agent and fleet manager. Changing these can lead to full re-deployments."),(0,l.kt)("p",null,"The config ",(0,l.kt)("a",{parentName:"p",href:"https://github.com/rancher/fleet/blob/master/pkg/config/config.go#L40-L52"},"struct")," is used in both config maps:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-agent"),(0,l.kt)("li",{parentName:"ul"},"cattle-fleet-system/fleet-controller")),(0,l.kt)("h2",{id:"labels"},"Labels"),(0,l.kt)("p",null,"Labels used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent=true")," - NodeSelector label for agent's deployment affinity setting"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/non-managed-agent")," - managed agent bundle won't target Clusters with this label"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/repo-name")," - used on Bundle to reference the git repo resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-namespace")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-name")," - used on BundleDeployment to reference the Bundle resource"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed=true")," - cluster namespaces with this label will be cleaned up. Other resources will be cleaned up if it is in a label. Used in Rancher to identify fleet namespaces."),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bootstrap-token")," - unused")),(0,l.kt)("h2",{id:"annotations"},"Annotations"),(0,l.kt)("p",null,"Annotations used by fleet:"),(0,l.kt)("ul",null,(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/agent-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/bundle-id")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster"),", ",(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-namespace")," - used on a cluster namespace to reference the cluster registration namespace and cluster name"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-group")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration-namespace")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/cluster-registration")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/commit")),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/managed")," - appears unused"),(0,l.kt)("li",{parentName:"ul"},(0,l.kt)("inlineCode",{parentName:"li"},"fleet.cattle.io/service-account"))),(0,l.kt)("h2",{id:"fleet-agent-configuration"},"Fleet agent configuration"),(0,l.kt)("p",null,"Tolerations, affinity and resources can be customized for the Fleet agent. These fields can be provided when creating a\n",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/ref-crds#clusterspec"},"Cluster"),", see ",(0,l.kt)("a",{parentName:"p",href:"https://fleet.rancher.io/cluster-registration"},"Registering Downstream Cluster")," for more info on how to create\nClusters. Default configuration will be used if these fields are not provided."),(0,l.kt)("p",null,"If you change the resources limits, make sure the limits allow the fleet-agent to work normally."),(0,l.kt)("p",null,"Keep in mind that if you downgrade Fleet to a previous version than v0.7.0 Fleet will fallback to the built-in defaults.\nAgents will redeploy if they had custom affinity. If Fleet version number does not change, redeployment might not be immediate."))}p.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/main.434d5c32.js b/assets/js/main.434d5c32.js deleted file mode 100644 index 8708b77dc..000000000 --- a/assets/js/main.434d5c32.js +++ /dev/null @@ -1,2 +0,0 @@ -/*! For license information please see main.434d5c32.js.LICENSE.txt */ -(self.webpackChunkfleet_docs=self.webpackChunkfleet_docs||[]).push([[179],{830:(e,t,n)=>{"use strict";n.d(t,{W:()=>a});var r=n(7294);function a(){return r.createElement("svg",{width:"20",height:"20",className:"DocSearch-Search-Icon",viewBox:"0 0 20 20"},r.createElement("path",{d:"M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z",stroke:"currentColor",fill:"none",fillRule:"evenodd",strokeLinecap:"round",strokeLinejoin:"round"}))}},723:(e,t,n)=>{"use strict";n.d(t,{Z:()=>p});var r=n(7294),a=n(7462),o=n(8356),i=n.n(o),l=n(6887);const s={"01b4035b":[()=>n.e(8002).then(n.bind(n,9135)),"@site/docs/namespaces.md",9135],"0209d9e7":[()=>n.e(9766).then(n.bind(n,8851)),"@site/versioned_docs/version-0.7/ref-gitrepo.md",8851],"0252b8ff":[()=>n.e(4311).then(n.bind(n,4465)),"@site/versioned_docs/version-0.4/gitrepo-structure.md",4465],"0364e902":[()=>n.e(1263).then(n.bind(n,6123)),"@site/versioned_docs/version-0.7/namespaces.md",6123],"06df35bc":[()=>n.e(2357).then(n.t.bind(n,9295,19)),"~docs/default/version-0-5-metadata-prop-20e.json",9295],"07db75e5":[()=>Promise.all([n.e(532),n.e(9056),n.e(7966)]).then(n.bind(n,8469)),"@site/versioned_docs/version-0.5/agent-initiated.md",8469],"095d9053":[()=>n.e(6700).then(n.bind(n,5843)),"@site/versioned_docs/version-0.8/gitrepo-targets.md",5843],"0a06c365":[()=>Promise.all([n.e(532),n.e(9056),n.e(1371)]).then(n.bind(n,2615)),"@site/versioned_docs/version-0.5/multi-cluster-install.md",2615],"0ab79735":[()=>Promise.all([n.e(532),n.e(9056),n.e(7333)]).then(n.bind(n,4951)),"@site/versioned_docs/version-0.8/installation.md",4951],"0acb2694":[()=>n.e(961).then(n.bind(n,4221)),"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet.md",4221],"0bd7b06f":[()=>n.e(6422).then(n.bind(n,6218)),"@site/versioned_docs/version-0.7/gitrepo-add.md",6218],"0ce1d2b6":[()=>n.e(8646).then(n.bind(n,8830)),"@site/versioned_docs/version-0.6/gitrepo-content.md",8830],"0db4760e":[()=>n.e(2771).then(n.bind(n,8095)),"@site/versioned_docs/version-0.6/gitrepo-add.md",8095],"0e50cd4d":[()=>n.e(6560).then(n.bind(n,5807)),"@site/versioned_docs/version-0.5/cluster-group.md",5807],"0f38f188":[()=>n.e(6266).then(n.bind(n,7727)),"@site/versioned_docs/version-0.7/webhook.md",7727],"10f03480":[()=>n.e(5945).then(n.bind(n,3813)),"@site/versioned_docs/version-0.4/examples.md",3813],"11f54a6a":[()=>n.e(7301).then(n.bind(n,617)),"@site/versioned_docs/version-0.5/gitrepo-add.md",617],"12f4838b":[()=>n.e(8795).then(n.bind(n,8169)),"@site/versioned_docs/version-0.5/manager-initiated.md",8169],"140acae8":[()=>n.e(6351).then(n.bind(n,9815)),"@site/versioned_docs/version-0.7/ref-fleet-yaml.md",9815],"167e2e0a":[()=>n.e(4552).then(n.bind(n,2439)),"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_apply.md",2439],"170989a3":[()=>n.e(7107).then(n.bind(n,8449)),"@site/versioned_docs/version-0.6/index.md",8449],17896441:[()=>Promise.all([n.e(532),n.e(9056),n.e(7918)]).then(n.bind(n,5836)),"@theme/DocItem",5836],"17b50570":[()=>n.e(9593).then(n.t.bind(n,6514,19)),"~docs/default/version-0-4-metadata-prop-a32.json",6514],"1a4e3797":[()=>Promise.all([n.e(532),n.e(7920)]).then(n.bind(n,6675)),"@theme/SearchPage",6675],"1bd61b9d":[()=>n.e(6950).then(n.bind(n,4326)),"@site/versioned_docs/version-0.6/bundle-diffs.md",4326],"1be78505":[()=>Promise.all([n.e(532),n.e(9514)]).then(n.bind(n,9963)),"@theme/DocPage",9963],"1f14308a":[()=>n.e(4728).then(n.bind(n,7434)),"@site/versioned_docs/version-0.5/imagescan.md",7434],"1f330703":[()=>n.e(8134).then(n.bind(n,8459)),"@site/versioned_docs/version-0.8/architecture.md",8459],"1f8b8b7b":[()=>n.e(9733).then(n.bind(n,1474)),"@site/versioned_docs/version-0.8/uninstall.md",1474],"1fec2b35":[()=>n.e(3325).then(n.bind(n,522)),"@site/versioned_docs/version-0.4/cluster-bundles-state.md",522],20889235:[()=>n.e(1043).then(n.bind(n,99)),"@site/versioned_docs/version-0.7/cluster-group.md",99],"21d02ecb":[()=>n.e(6985).then(n.bind(n,6938)),"@site/versioned_docs/version-0.8/ref-registration.md",6938],"22b369d5":[()=>n.e(7539).then(n.bind(n,7100)),"@site/versioned_docs/version-0.4/uninstall.md",7100],"246340c6":[()=>n.e(4508).then(n.bind(n,1581)),"@site/versioned_docs/version-0.6/gitrepo-targets.md",1581],"250ffcdd":[()=>n.e(5519).then(n.bind(n,1651)),"@site/versioned_docs/version-0.8/troubleshooting.md",1651],"2579085f":[()=>Promise.all([n.e(532),n.e(9056),n.e(1732)]).then(n.bind(n,8650)),"@site/versioned_docs/version-0.8/tut-deployment.md",8650],"2938f7a2":[()=>n.e(4717).then(n.bind(n,6750)),"@site/versioned_docs/version-0.7/ref-registration.md",6750],"2c86db16":[()=>n.e(5192).then(n.bind(n,351)),"@site/versioned_docs/version-0.7/ref-bundle.md",351],"2d618eff":[()=>n.e(7224).then(n.bind(n,4842)),"@site/versioned_docs/version-0.4/troubleshooting.md",4842],"2dc49bc9":[()=>n.e(8459).then(n.bind(n,9579)),"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_test.md",9579],"2f0f344d":[()=>n.e(5765).then(n.t.bind(n,7085,19)),"/home/runner/work/fleet-docs/fleet-docs/.docusaurus/docusaurus-theme-search-algolia/default/plugin-route-context-module-100.json",7085],"32a14031":[()=>n.e(8794).then(n.bind(n,2228)),"@site/versioned_docs/version-0.8/ref-gitrepo.md",2228],"32c7bf40":[()=>n.e(6095).then(n.bind(n,3132)),"@site/versioned_docs/version-0.6/ref-fleet-yaml.md",3132],"340d0560":[()=>n.e(9246).then(n.bind(n,5302)),"@site/docs/cli/fleet-agent/fleet-agent.md",5302],"34a3c1ae":[()=>n.e(5776).then(n.bind(n,2931)),"@site/versioned_docs/version-0.4/gitrepo-add.md",2931],"34c1e1e7":[()=>n.e(7571).then(n.bind(n,9137)),"@site/versioned_docs/version-0.8/ref-configuration.md",9137],"34eb4307":[()=>n.e(7314).then(n.bind(n,684)),"@site/versioned_docs/version-0.4/index.md",684],"3718f698":[()=>n.e(5763).then(n.bind(n,9096)),"@site/docs/cluster-bundles-state.md",9096],"39f5e362":[()=>n.e(6943).then(n.bind(n,6020)),"@site/versioned_docs/version-0.5/concepts.md",6020],"3a2a2cbe":[()=>n.e(6190).then(n.bind(n,1240)),"@site/versioned_docs/version-0.7/bundle-add.md",1240],"3b8c55ea":[()=>Promise.all([n.e(532),n.e(9056),n.e(3217)]).then(n.bind(n,9250)),"@site/docs/installation.md",9250],"3d7b86e7":[()=>n.e(3951).then(n.bind(n,5382)),"@site/versioned_docs/version-0.6/ref-resources.md",5382],"4177aba1":[()=>Promise.all([n.e(532),n.e(9056),n.e(2992)]).then(n.bind(n,9325)),"@site/versioned_docs/version-0.8/quickstart.md",9325],"45a5cd1f":[()=>n.e(3365).then(n.bind(n,5059)),"@site/docs/concepts.md",5059],"46c9c1f8":[()=>n.e(252).then(n.bind(n,7925)),"@site/versioned_docs/version-0.6/ref-registration.md",7925],"49af6a86":[()=>n.e(7619).then(n.bind(n,5692)),"@site/versioned_docs/version-0.4/architecture.md",5692],"4ccb6852":[()=>n.e(3084).then(n.bind(n,8921)),"@site/docs/cluster-group.md",8921],"4fac8f87":[()=>n.e(7526).then(n.bind(n,827)),"@site/versioned_docs/version-0.4/quickstart.md",827],"504a9fc5":[()=>n.e(936).then(n.bind(n,2692)),"@site/versioned_docs/version-0.8/concepts.md",2692],"50b0676a":[()=>n.e(2088).then(n.bind(n,6034)),"@site/versioned_docs/version-0.8/cli/fleet-cli/fleet_test.md",6034],"5176c92e":[()=>n.e(4955).then(n.bind(n,4574)),"@site/versioned_docs/version-0.7/uninstall.md",4574],"522d95f1":[()=>n.e(5279).then(n.bind(n,1990)),"@site/versioned_docs/version-0.4/multi-cluster-install.md",1990],"5281b7a2":[()=>n.e(5927).then(n.bind(n,1527)),"@site/docs/architecture.md",1527],"5379b7b3":[()=>n.e(8228).then(n.bind(n,4797)),"@site/versioned_docs/version-0.5/cluster-overview.md",4797],"5388fcb8":[()=>n.e(6673).then(n.bind(n,3348)),"@site/versioned_docs/version-0.7/ref-resources.md",3348],"53c8b813":[()=>n.e(2837).then(n.bind(n,3021)),"@site/versioned_docs/version-0.6/ref-bundle-stages.md",3021],"53da1243":[()=>n.e(1866).then(n.bind(n,8710)),"@site/versioned_docs/version-0.8/namespaces.md",8710],"5979dd46":[()=>n.e(4637).then(n.t.bind(n,5135,19)),"~docs/default/version-0-8-metadata-prop-b98.json",5135],"5a165616":[()=>n.e(5764).then(n.bind(n,281)),"@site/docs/gitrepo-add.md",281],"5ff573a6":[()=>Promise.all([n.e(532),n.e(9056),n.e(7640)]).then(n.bind(n,9267)),"@site/versioned_docs/version-0.7/cluster-registration.md",9267],"60bcd92c":[()=>Promise.all([n.e(532),n.e(9056),n.e(314)]).then(n.bind(n,1843)),"@site/versioned_docs/version-0.6/cluster-registration.md",1843],"612623d2":[()=>n.e(7540).then(n.bind(n,6307)),"@site/docs/cli/fleet-cli/fleet_cleanup.md",6307],"62bbc60f":[()=>n.e(6295).then(n.bind(n,6672)),"@site/versioned_docs/version-0.6/namespaces.md",6672],"6349fbc0":[()=>n.e(7383).then(n.bind(n,8628)),"@site/versioned_docs/version-0.8/ref-crds.md",8628],"635f26b6":[()=>Promise.all([n.e(532),n.e(9056),n.e(8927)]).then(n.bind(n,3472)),"@site/versioned_docs/version-0.8/cluster-registration.md",3472],"63e62f73":[()=>n.e(9719).then(n.bind(n,4360)),"@site/docs/cli/fleet-controller/fleet-manager.md",4360],"64b4770e":[()=>n.e(8976).then(n.bind(n,2025)),"@site/versioned_docs/version-0.8/gitrepo-content.md",2025],"6638db74":[()=>n.e(5408).then(n.t.bind(n,7713,19)),"~docs/default/version-0-7-metadata-prop-0bf.json",7713],"680ed9ed":[()=>n.e(835).then(n.bind(n,2301)),"@site/versioned_docs/version-0.4/manager-initiated.md",2301],"6a840bac":[()=>Promise.all([n.e(532),n.e(9056),n.e(7203)]).then(n.bind(n,820)),"@site/versioned_docs/version-0.6/quickstart.md",820],"6cbe47eb":[()=>n.e(5117).then(n.bind(n,5230)),"@site/versioned_docs/version-0.8/cli/fleet-agent/fleet-agent.md",5230],"6cf4c0df":[()=>n.e(2418).then(n.bind(n,6146)),"@site/versioned_docs/version-0.5/webhook.md",6146],"6faa62d7":[()=>n.e(8539).then(n.bind(n,9924)),"@site/versioned_docs/version-0.6/cli/fleet-agent/fleet-agent.md",9924],"702cd497":[()=>n.e(4895).then(n.bind(n,3137)),"@site/versioned_docs/version-0.8/ref-bundle-stages.md",3137],"7292ec22":[()=>n.e(2404).then(n.bind(n,7681)),"@site/versioned_docs/version-0.6/cluster-bundles-state.md",7681],"755aca7b":[()=>n.e(9816).then(n.bind(n,4786)),"@site/versioned_docs/version-0.5/installation.md",4786],"762abe3e":[()=>n.e(6961).then(n.bind(n,2386)),"@site/docs/ref-resources.md",2386],"7712976a":[()=>n.e(3551).then(n.bind(n,2576)),"@site/versioned_docs/version-0.8/webhook.md",2576],"77fc540a":[()=>n.e(5600).then(n.bind(n,9782)),"@site/versioned_docs/version-0.7/cli/fleet-agent/fleet-agent.md",9782],"7a815aed":[()=>n.e(488).then(n.bind(n,9930)),"@site/versioned_docs/version-0.6/webhook.md",9930],"7b64d2e8":[()=>n.e(1416).then(n.bind(n,5753)),"@site/docs/bundle-add.md",5753],"7c5d32d8":[()=>n.e(6250).then(n.bind(n,4050)),"@site/versioned_docs/version-0.4/concepts.md",4050],"7f3d36ad":[()=>n.e(6255).then(n.bind(n,9038)),"@site/versioned_docs/version-0.5/architecture.md",9038],"8070e160":[()=>Promise.all([n.e(532),n.e(9056),n.e(2651)]).then(n.bind(n,2257)),"@site/docs/quickstart.md",2257],"82782dff":[()=>n.e(7811).then(n.bind(n,6784)),"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet.md",6784],"8307bb82":[()=>n.e(5386).then(n.bind(n,1584)),"@site/versioned_docs/version-0.6/architecture.md",1584],"834808ff":[()=>n.e(3814).then(n.bind(n,508)),"@site/docs/ref-registration.md",508],"847b3bc4":[()=>n.e(5435).then(n.bind(n,5899)),"@site/versioned_docs/version-0.5/uninstall.md",5899],"857d18b5":[()=>n.e(6076).then(n.bind(n,7554)),"@site/versioned_docs/version-0.6/troubleshooting.md",7554],"87469ac3":[()=>n.e(7579).then(n.bind(n,7725)),"@site/versioned_docs/version-0.7/ref-crds.md",7725],"88f3f33f":[()=>n.e(5940).then(n.bind(n,786)),"@site/versioned_docs/version-0.8/cluster-group.md",786],"8eb509d6":[()=>n.e(3220).then(n.bind(n,725)),"@site/versioned_docs/version-0.6/cli/fleet-controller/fleet-manager.md",725],"8ff6a575":[()=>Promise.all([n.e(532),n.e(9056),n.e(6061)]).then(n.bind(n,257)),"@site/versioned_docs/version-0.7/tut-deployment.md",257],"904bb95d":[()=>n.e(427).then(n.bind(n,4103)),"@site/docs/ref-bundle.md",4103],"909a121f":[()=>n.e(2044).then(n.bind(n,8219)),"@site/versioned_docs/version-0.7/gitrepo-content.md",8219],"922074e2":[()=>n.e(2717).then(n.bind(n,3027)),"@site/versioned_docs/version-0.8/ref-resources.md",3027],"93002d83":[()=>n.e(3522).then(n.t.bind(n,8922,19)),"~docs/default/version-0-6-metadata-prop-c46.json",8922],"935f2afb":[()=>n.e(53).then(n.t.bind(n,1109,19)),"~docs/default/version-current-metadata-prop-751.json",1109],"9533a6b7":[()=>n.e(9353).then(n.bind(n,3269)),"@site/versioned_docs/version-0.5/gitrepo-targets.md",3269],"95a72457":[()=>n.e(4126).then(n.bind(n,8234)),"@site/docs/multi-user.md",8234],"963c03f5":[()=>n.e(203).then(n.bind(n,909)),"@site/versioned_docs/version-0.7/ref-configuration.md",909],"96465f27":[()=>n.e(7537).then(n.bind(n,9382)),"@site/versioned_docs/version-0.8/bundle-diffs.md",9382],"97c3cd43":[()=>n.e(2299).then(n.bind(n,8667)),"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet.md",8667],"984cdf04":[()=>Promise.all([n.e(532),n.e(9056),n.e(1332)]).then(n.bind(n,5083)),"@site/versioned_docs/version-0.6/tut-deployment.md",5083],"9c942e60":[()=>n.e(9801).then(n.bind(n,4579)),"@site/versioned_docs/version-0.7/imagescan.md",4579],"9d91368e":[()=>n.e(501).then(n.bind(n,4076)),"@site/versioned_docs/version-0.8/imagescan.md",4076],"9d9f8394":[()=>n.e(9360).then(n.bind(n,9222)),"@site/docs/troubleshooting.md",9222],"9db89767":[()=>n.e(9510).then(n.bind(n,3062)),"@site/versioned_docs/version-0.7/multi-user.md",3062],a06c6d5b:[()=>n.e(3803).then(n.bind(n,683)),"@site/docs/gitrepo-content.md",683],a2c468b1:[()=>n.e(2361).then(n.bind(n,8993)),"@site/versioned_docs/version-0.4/bundle-diffs.md",8993],a60f0c4b:[()=>n.e(1079).then(n.bind(n,1586)),"@site/versioned_docs/version-0.7/index.md",1586],a8ca5d11:[()=>n.e(1697).then(n.bind(n,4143)),"@site/versioned_docs/version-0.8/gitrepo-add.md",4143],a9e7f6cd:[()=>n.e(7169).then(n.bind(n,5357)),"@site/versioned_docs/version-0.4/installation.md",5357],ab0c1f88:[()=>n.e(946).then(n.bind(n,2942)),"@site/versioned_docs/version-0.8/resources-during-deployment.md",2942],aba71817:[()=>n.e(8813).then(n.bind(n,3230)),"@site/docs/ref-bundle-stages.md",3230],abf95bb4:[()=>n.e(7767).then(n.bind(n,8108)),"@site/versioned_docs/version-0.7/cluster-bundles-state.md",8108],ae2335f3:[()=>Promise.all([n.e(532),n.e(9056),n.e(1049)]).then(n.bind(n,8105)),"@site/docs/cluster-registration.md",8105],aee07340:[()=>n.e(4777).then(n.bind(n,8569)),"@site/versioned_docs/version-0.7/gitrepo-targets.md",8569],af10d9fb:[()=>n.e(3632).then(n.bind(n,598)),"@site/docs/cli/fleet-cli/fleet_apply.md",598],af48bdba:[()=>n.e(964).then(n.bind(n,7330)),"@site/versioned_docs/version-0.5/cluster-bundles-state.md",7330],b2456c44:[()=>n.e(1760).then(n.bind(n,2107)),"@site/docs/ref-fleet-yaml.md",2107],b283d2e2:[()=>n.e(5479).then(n.bind(n,8470)),"@site/versioned_docs/version-0.8/ref-fleet-yaml.md",8470],b32c755c:[()=>n.e(859).then(n.bind(n,283)),"@site/versioned_docs/version-0.5/bundle-diffs.md",283],b60b3bd8:[()=>n.e(4917).then(n.bind(n,8874)),"@site/versioned_docs/version-0.4/cluster-group.md",8874],b7ae13b2:[()=>n.e(6588).then(n.bind(n,5048)),"@site/docs/uninstall.md",5048],b8f3160f:[()=>n.e(8711).then(n.bind(n,6611)),"@site/docs/gitrepo-targets.md",6611],b9a03c38:[()=>n.e(4581).then(n.bind(n,1352)),"@site/versioned_docs/version-0.5/examples.md",1352],bd465781:[()=>n.e(2112).then(n.bind(n,1840)),"@site/docs/cli/fleet-cli/fleet.md",1840],c1eb0b52:[()=>n.e(4572).then(n.bind(n,7790)),"@site/versioned_docs/version-0.6/ref-configuration.md",7790],c2bab82f:[()=>Promise.all([n.e(532),n.e(9056),n.e(824)]).then(n.bind(n,4721)),"@site/versioned_docs/version-0.6/installation.md",4721],c377a04b:[()=>n.e(6971).then(n.bind(n,1269)),"@site/docs/index.md",1269],c3dfc33d:[()=>n.e(2276).then(n.bind(n,2018)),"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_test.md",2018],c67695e7:[()=>n.e(8252).then(n.bind(n,2358)),"@site/docs/resources-during-deployment.md",2358],c6aa770e:[()=>n.e(844).then(n.bind(n,8111)),"@site/versioned_docs/version-0.6/concepts.md",8111],c7381d34:[()=>n.e(7544).then(n.bind(n,534)),"@site/docs/webhook.md",534],c916adcd:[()=>Promise.all([n.e(532),n.e(9056),n.e(7155)]).then(n.bind(n,1079)),"@site/versioned_docs/version-0.7/quickstart.md",1079],cd0bf424:[()=>n.e(208).then(n.bind(n,9941)),"@site/versioned_docs/version-0.4/single-cluster-install.md",9941],cd323ffc:[()=>n.e(1910).then(n.bind(n,8607)),"@site/docs/imagescan.md",8607],ce48e831:[()=>n.e(3859).then(n.bind(n,1663)),"@site/versioned_docs/version-0.7/concepts.md",1663],ce534227:[()=>n.e(6342).then(n.bind(n,1899)),"@site/versioned_docs/version-0.6/ref-gitrepo.md",1899],cf6f5f9b:[()=>n.e(9863).then(n.bind(n,314)),"@site/versioned_docs/version-0.7/architecture.md",314],d277059e:[()=>n.e(2491).then(n.bind(n,701)),"@site/versioned_docs/version-0.7/cli/fleet-cli/fleet_apply.md",701],d3d84dd8:[()=>n.e(1898).then(n.bind(n,9996)),"@site/versioned_docs/version-0.8/cli/fleet-controller/fleet-manager.md",9996],d3d9887a:[()=>n.e(3714).then(n.bind(n,9226)),"@site/versioned_docs/version-0.5/gitrepo-structure.md",9226],d6daf0cc:[()=>n.e(8021).then(n.bind(n,4646)),"@site/docs/ref-gitrepo.md",4646],d8f58335:[()=>n.e(764).then(n.bind(n,1318)),"@site/versioned_docs/version-0.4/advanced-users.md",1318],da21831e:[()=>n.e(4893).then(n.bind(n,1627)),"@site/versioned_docs/version-0.5/advanced-users.md",1627],db0ebd24:[()=>n.e(5565).then(n.bind(n,4995)),"@site/versioned_docs/version-0.8/ref-bundle.md",4995],dd67116e:[()=>n.e(2425).then(n.bind(n,9486)),"@site/versioned_docs/version-0.4/cluster-tokens.md",9486],dd81469d:[()=>n.e(8361).then(n.bind(n,5681)),"@site/docs/cli/fleet-cli/fleet_test.md",5681],de08e76e:[()=>n.e(299).then(n.bind(n,2444)),"@site/docs/ref-crds.md",2444],dfa3dc49:[()=>Promise.all([n.e(532),n.e(9056),n.e(599)]).then(n.bind(n,4757)),"@site/docs/tut-deployment.md",4757],e0636556:[()=>n.e(6418).then(n.bind(n,3662)),"@site/versioned_docs/version-0.5/index.md",3662],e252aa27:[()=>n.e(5854).then(n.bind(n,5506)),"@site/versioned_docs/version-0.5/cluster-tokens.md",5506],e348fb9e:[()=>n.e(6645).then(n.bind(n,537)),"@site/versioned_docs/version-0.7/troubleshooting.md",537],e35f16a8:[()=>n.e(2952).then(n.bind(n,585)),"@site/versioned_docs/version-0.7/cli/fleet-controller/fleet-manager.md",585],e3aa6547:[()=>n.e(1462).then(n.bind(n,5312)),"@site/versioned_docs/version-0.4/imagescan.md",5312],e431d4ee:[()=>Promise.all([n.e(532),n.e(9056),n.e(295)]).then(n.bind(n,4623)),"@site/versioned_docs/version-0.7/installation.md",4623],e50ee9c3:[()=>n.e(7677).then(n.bind(n,603)),"@site/versioned_docs/version-0.8/cluster-bundles-state.md",603],e89d2f4d:[()=>n.e(8049).then(n.bind(n,1219)),"@site/versioned_docs/version-0.6/uninstall.md",1219],e9efc8c6:[()=>n.e(5e3).then(n.bind(n,3520)),"@site/versioned_docs/version-0.7/bundle-diffs.md",3520],ebf52154:[()=>Promise.all([n.e(532),n.e(9056),n.e(6393)]).then(n.bind(n,1453)),"@site/versioned_docs/version-0.5/quickstart.md",1453],ec9fa214:[()=>n.e(247).then(n.bind(n,3425)),"@site/versioned_docs/version-0.8/multi-user.md",3425],ee0e1228:[()=>n.e(8092).then(n.t.bind(n,3769,19)),"/home/runner/work/fleet-docs/fleet-docs/.docusaurus/docusaurus-plugin-content-docs/default/plugin-route-context-module-100.json",3769],f14b6af8:[()=>n.e(6469).then(n.bind(n,5164)),"@site/versioned_docs/version-0.6/cli/fleet-cli/fleet_apply.md",5164],f347fdc1:[()=>n.e(307).then(n.bind(n,4627)),"@site/versioned_docs/version-0.8/bundle-add.md",4627],f4793a78:[()=>n.e(5455).then(n.bind(n,5097)),"@site/versioned_docs/version-0.6/cluster-group.md",5097],f531b716:[()=>n.e(4203).then(n.bind(n,3167)),"@site/versioned_docs/version-0.6/imagescan.md",3167],f63438e5:[()=>n.e(665).then(n.bind(n,9776)),"@site/versioned_docs/version-0.4/webhook.md",9776],f66ef323:[()=>n.e(1296).then(n.bind(n,2867)),"@site/versioned_docs/version-0.6/ref-crds.md",2867],f6748474:[()=>n.e(4339).then(n.bind(n,2737)),"@site/versioned_docs/version-0.4/cluster-overview.md",2737],f7c88408:[()=>n.e(4235).then(n.bind(n,2950)),"@site/versioned_docs/version-0.6/multi-user.md",2950],f7cf1511:[()=>n.e(5225).then(n.bind(n,1693)),"@site/versioned_docs/version-0.5/troubleshooting.md",1693],f8113afe:[()=>Promise.all([n.e(532),n.e(9056),n.e(6957)]).then(n.bind(n,7600)),"@site/versioned_docs/version-0.5/single-cluster-install.md",7600],f8909550:[()=>n.e(7893).then(n.bind(n,1377)),"@site/versioned_docs/version-0.4/namespaces.md",1377],fb76c575:[()=>n.e(3200).then(n.bind(n,4604)),"@site/versioned_docs/version-0.4/agent-initiated.md",4604],fbaf079d:[()=>n.e(2030).then(n.bind(n,3495)),"@site/docs/bundle-diffs.md",3495],fbcf914d:[()=>n.e(751).then(n.bind(n,2745)),"@site/versioned_docs/version-0.8/index.md",2745],fd06576e:[()=>n.e(3667).then(n.bind(n,3158)),"@site/versioned_docs/version-0.5/namespaces.md",3158],fd26103c:[()=>n.e(2392).then(n.bind(n,1245)),"@site/versioned_docs/version-0.4/gitrepo-targets.md",1245],fe8cb35a:[()=>n.e(1886).then(n.bind(n,5003)),"@site/versioned_docs/version-0.7/ref-bundle-stages.md",5003],ffe5129d:[()=>n.e(5532).then(n.bind(n,6153)),"@site/docs/ref-configuration.md",6153]};function c(e){let{error:t,retry:n,pastDelay:a}=e;return t?r.createElement("div",{style:{textAlign:"center",color:"#fff",backgroundColor:"#fa383e",borderColor:"#fa383e",borderStyle:"solid",borderRadius:"0.25rem",borderWidth:"1px",boxSizing:"border-box",display:"block",padding:"1rem",flex:"0 0 50%",marginLeft:"25%",marginRight:"25%",marginTop:"5rem",maxWidth:"50%",width:"100%"}},r.createElement("p",null,String(t)),r.createElement("div",null,r.createElement("button",{type:"button",onClick:n},"Retry"))):a?r.createElement("div",{style:{display:"flex",justifyContent:"center",alignItems:"center",height:"100vh"}},r.createElement("svg",{id:"loader",style:{width:128,height:110,position:"absolute",top:"calc(100vh - 64%)"},viewBox:"0 0 45 45",xmlns:"http://www.w3.org/2000/svg",stroke:"#61dafb"},r.createElement("g",{fill:"none",fillRule:"evenodd",transform:"translate(1 1)",strokeWidth:"2"},r.createElement("circle",{cx:"22",cy:"22",r:"6",strokeOpacity:"0"},r.createElement("animate",{attributeName:"r",begin:"1.5s",dur:"3s",values:"6;22",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-opacity",begin:"1.5s",dur:"3s",values:"1;0",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-width",begin:"1.5s",dur:"3s",values:"2;0",calcMode:"linear",repeatCount:"indefinite"})),r.createElement("circle",{cx:"22",cy:"22",r:"6",strokeOpacity:"0"},r.createElement("animate",{attributeName:"r",begin:"3s",dur:"3s",values:"6;22",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-opacity",begin:"3s",dur:"3s",values:"1;0",calcMode:"linear",repeatCount:"indefinite"}),r.createElement("animate",{attributeName:"stroke-width",begin:"3s",dur:"3s",values:"2;0",calcMode:"linear",repeatCount:"indefinite"})),r.createElement("circle",{cx:"22",cy:"22",r:"8"},r.createElement("animate",{attributeName:"r",begin:"0s",dur:"1.5s",values:"6;1;2;3;4;5;6",calcMode:"linear",repeatCount:"indefinite"}))))):null}var u=n(9670),d=n(226);function f(e,t){if("*"===e)return i()({loading:c,loader:()=>n.e(4972).then(n.bind(n,4972)),modules:["@theme/NotFound"],webpack:()=>[4972],render(e,t){const n=e.default;return r.createElement(d.z,{value:{plugin:{name:"native",id:"default"}}},r.createElement(n,t))}});const o=l[`${e}-${t}`],f={},p=[],m=[],h=(0,u.Z)(o);return Object.entries(h).forEach((e=>{let[t,n]=e;const r=s[n];r&&(f[t]=r[0],p.push(r[1]),m.push(r[2]))})),i().Map({loading:c,loader:f,modules:p,webpack:()=>m,render(t,n){const i=JSON.parse(JSON.stringify(o));Object.entries(t).forEach((t=>{let[n,r]=t;const a=r.default;if(!a)throw new Error(`The page component at ${e} doesn't have a default export. This makes it impossible to render anything. Consider default-exporting a React component.`);"object"!=typeof a&&"function"!=typeof a||Object.keys(r).filter((e=>"default"!==e)).forEach((e=>{a[e]=r[e]}));let o=i;const l=n.split(".");l.slice(0,-1).forEach((e=>{o=o[e]})),o[l[l.length-1]]=a}));const l=i.__comp;delete i.__comp;const s=i.__context;return delete i.__context,r.createElement(d.z,{value:s},r.createElement(l,(0,a.Z)({},i,n)))}})}const p=[{path:"/search",component:f("/search","b9c"),exact:!0},{path:"/0.4",component:f("/0.4","443"),routes:[{path:"/0.4",component:f("/0.4","f29"),exact:!0,sidebar:"docs"},{path:"/0.4/advanced-users",component:f("/0.4/advanced-users","3a5"),exact:!0,sidebar:"docs"},{path:"/0.4/agent-initiated",component:f("/0.4/agent-initiated","aff"),exact:!0,sidebar:"docs"},{path:"/0.4/architecture",component:f("/0.4/architecture","aef"),exact:!0,sidebar:"docs"},{path:"/0.4/bundle-diffs",component:f("/0.4/bundle-diffs","ad2"),exact:!0,sidebar:"docs"},{path:"/0.4/cluster-bundles-state",component:f("/0.4/cluster-bundles-state","ed6"),exact:!0,sidebar:"docs"},{path:"/0.4/cluster-group",component:f("/0.4/cluster-group","0c6"),exact:!0,sidebar:"docs"},{path:"/0.4/cluster-overview",component:f("/0.4/cluster-overview","c10"),exact:!0,sidebar:"docs"},{path:"/0.4/cluster-tokens",component:f("/0.4/cluster-tokens","769"),exact:!0,sidebar:"docs"},{path:"/0.4/concepts",component:f("/0.4/concepts","cf8"),exact:!0,sidebar:"docs"},{path:"/0.4/examples",component:f("/0.4/examples","fe7"),exact:!0,sidebar:"docs"},{path:"/0.4/gitrepo-add",component:f("/0.4/gitrepo-add","ced"),exact:!0,sidebar:"docs"},{path:"/0.4/gitrepo-structure",component:f("/0.4/gitrepo-structure","11f"),exact:!0,sidebar:"docs"},{path:"/0.4/gitrepo-targets",component:f("/0.4/gitrepo-targets","4f9"),exact:!0,sidebar:"docs"},{path:"/0.4/imagescan",component:f("/0.4/imagescan","cb9"),exact:!0,sidebar:"docs"},{path:"/0.4/installation",component:f("/0.4/installation","fbe"),exact:!0,sidebar:"docs"},{path:"/0.4/manager-initiated",component:f("/0.4/manager-initiated","e79"),exact:!0,sidebar:"docs"},{path:"/0.4/multi-cluster-install",component:f("/0.4/multi-cluster-install","55a"),exact:!0,sidebar:"docs"},{path:"/0.4/namespaces",component:f("/0.4/namespaces","95f"),exact:!0,sidebar:"docs"},{path:"/0.4/quickstart",component:f("/0.4/quickstart","245"),exact:!0,sidebar:"docs"},{path:"/0.4/single-cluster-install",component:f("/0.4/single-cluster-install","76b"),exact:!0,sidebar:"docs"},{path:"/0.4/troubleshooting",component:f("/0.4/troubleshooting","0ae"),exact:!0,sidebar:"docs"},{path:"/0.4/uninstall",component:f("/0.4/uninstall","244"),exact:!0,sidebar:"docs"},{path:"/0.4/webhook",component:f("/0.4/webhook","43b"),exact:!0,sidebar:"docs"}]},{path:"/0.5",component:f("/0.5","6ec"),routes:[{path:"/0.5",component:f("/0.5","3c6"),exact:!0,sidebar:"docs"},{path:"/0.5/advanced-users",component:f("/0.5/advanced-users","f57"),exact:!0,sidebar:"docs"},{path:"/0.5/agent-initiated",component:f("/0.5/agent-initiated","1db"),exact:!0,sidebar:"docs"},{path:"/0.5/architecture",component:f("/0.5/architecture","36b"),exact:!0,sidebar:"docs"},{path:"/0.5/bundle-diffs",component:f("/0.5/bundle-diffs","b3e"),exact:!0,sidebar:"docs"},{path:"/0.5/cluster-bundles-state",component:f("/0.5/cluster-bundles-state","f00"),exact:!0,sidebar:"docs"},{path:"/0.5/cluster-group",component:f("/0.5/cluster-group","24b"),exact:!0,sidebar:"docs"},{path:"/0.5/cluster-overview",component:f("/0.5/cluster-overview","565"),exact:!0,sidebar:"docs"},{path:"/0.5/cluster-tokens",component:f("/0.5/cluster-tokens","a37"),exact:!0,sidebar:"docs"},{path:"/0.5/concepts",component:f("/0.5/concepts","8d5"),exact:!0,sidebar:"docs"},{path:"/0.5/examples",component:f("/0.5/examples","137"),exact:!0,sidebar:"docs"},{path:"/0.5/gitrepo-add",component:f("/0.5/gitrepo-add","9b2"),exact:!0,sidebar:"docs"},{path:"/0.5/gitrepo-structure",component:f("/0.5/gitrepo-structure","52e"),exact:!0,sidebar:"docs"},{path:"/0.5/gitrepo-targets",component:f("/0.5/gitrepo-targets","918"),exact:!0,sidebar:"docs"},{path:"/0.5/imagescan",component:f("/0.5/imagescan","443"),exact:!0,sidebar:"docs"},{path:"/0.5/installation",component:f("/0.5/installation","e3f"),exact:!0,sidebar:"docs"},{path:"/0.5/manager-initiated",component:f("/0.5/manager-initiated","836"),exact:!0,sidebar:"docs"},{path:"/0.5/multi-cluster-install",component:f("/0.5/multi-cluster-install","f26"),exact:!0,sidebar:"docs"},{path:"/0.5/namespaces",component:f("/0.5/namespaces","c22"),exact:!0,sidebar:"docs"},{path:"/0.5/quickstart",component:f("/0.5/quickstart","36d"),exact:!0,sidebar:"docs"},{path:"/0.5/single-cluster-install",component:f("/0.5/single-cluster-install","e92"),exact:!0,sidebar:"docs"},{path:"/0.5/troubleshooting",component:f("/0.5/troubleshooting","b5a"),exact:!0,sidebar:"docs"},{path:"/0.5/uninstall",component:f("/0.5/uninstall","2fa"),exact:!0,sidebar:"docs"},{path:"/0.5/webhook",component:f("/0.5/webhook","e36"),exact:!0,sidebar:"docs"}]},{path:"/0.6",component:f("/0.6","ba4"),routes:[{path:"/0.6",component:f("/0.6","bf8"),exact:!0,sidebar:"docs"},{path:"/0.6/architecture",component:f("/0.6/architecture","c95"),exact:!0,sidebar:"docs"},{path:"/0.6/bundle-diffs",component:f("/0.6/bundle-diffs","c6e"),exact:!0,sidebar:"docs"},{path:"/0.6/cli/fleet-agent",component:f("/0.6/cli/fleet-agent","f70"),exact:!0,sidebar:"docs"},{path:"/0.6/cli/fleet-cli/fleet",component:f("/0.6/cli/fleet-cli/fleet","b24"),exact:!0,sidebar:"docs"},{path:"/0.6/cli/fleet-cli/fleet_apply",component:f("/0.6/cli/fleet-cli/fleet_apply","856"),exact:!0,sidebar:"docs"},{path:"/0.6/cli/fleet-cli/fleet_test",component:f("/0.6/cli/fleet-cli/fleet_test","dbd"),exact:!0,sidebar:"docs"},{path:"/0.6/cli/fleet-controller/fleet-manager",component:f("/0.6/cli/fleet-controller/fleet-manager","3f6"),exact:!0,sidebar:"docs"},{path:"/0.6/cluster-bundles-state",component:f("/0.6/cluster-bundles-state","dc3"),exact:!0,sidebar:"docs"},{path:"/0.6/cluster-group",component:f("/0.6/cluster-group","2b6"),exact:!0,sidebar:"docs"},{path:"/0.6/cluster-registration",component:f("/0.6/cluster-registration","6cb"),exact:!0,sidebar:"docs"},{path:"/0.6/concepts",component:f("/0.6/concepts","be0"),exact:!0,sidebar:"docs"},{path:"/0.6/gitrepo-add",component:f("/0.6/gitrepo-add","d7e"),exact:!0,sidebar:"docs"},{path:"/0.6/gitrepo-content",component:f("/0.6/gitrepo-content","180"),exact:!0,sidebar:"docs"},{path:"/0.6/gitrepo-targets",component:f("/0.6/gitrepo-targets","b7e"),exact:!0,sidebar:"docs"},{path:"/0.6/imagescan",component:f("/0.6/imagescan","8c5"),exact:!0,sidebar:"docs"},{path:"/0.6/installation",component:f("/0.6/installation","aee"),exact:!0,sidebar:"docs"},{path:"/0.6/multi-user",component:f("/0.6/multi-user","f37"),exact:!0,sidebar:"docs"},{path:"/0.6/namespaces",component:f("/0.6/namespaces","04f"),exact:!0,sidebar:"docs"},{path:"/0.6/quickstart",component:f("/0.6/quickstart","e34"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-bundle-stages",component:f("/0.6/ref-bundle-stages","c69"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-configuration",component:f("/0.6/ref-configuration","c94"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-crds",component:f("/0.6/ref-crds","b02"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-fleet-yaml",component:f("/0.6/ref-fleet-yaml","2f8"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-gitrepo",component:f("/0.6/ref-gitrepo","dec"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-registration",component:f("/0.6/ref-registration","1f2"),exact:!0,sidebar:"docs"},{path:"/0.6/ref-resources",component:f("/0.6/ref-resources","39f"),exact:!0,sidebar:"docs"},{path:"/0.6/troubleshooting",component:f("/0.6/troubleshooting","42a"),exact:!0,sidebar:"docs"},{path:"/0.6/tut-deployment",component:f("/0.6/tut-deployment","e3b"),exact:!0,sidebar:"docs"},{path:"/0.6/uninstall",component:f("/0.6/uninstall","5bf"),exact:!0,sidebar:"docs"},{path:"/0.6/webhook",component:f("/0.6/webhook","0ab"),exact:!0,sidebar:"docs"}]},{path:"/0.7",component:f("/0.7","692"),routes:[{path:"/0.7",component:f("/0.7","b48"),exact:!0,sidebar:"docs"},{path:"/0.7/architecture",component:f("/0.7/architecture","950"),exact:!0,sidebar:"docs"},{path:"/0.7/bundle-add",component:f("/0.7/bundle-add","b56"),exact:!0,sidebar:"docs"},{path:"/0.7/bundle-diffs",component:f("/0.7/bundle-diffs","485"),exact:!0,sidebar:"docs"},{path:"/0.7/cli/fleet-agent",component:f("/0.7/cli/fleet-agent","fde"),exact:!0,sidebar:"docs"},{path:"/0.7/cli/fleet-cli/fleet",component:f("/0.7/cli/fleet-cli/fleet","f38"),exact:!0,sidebar:"docs"},{path:"/0.7/cli/fleet-cli/fleet_apply",component:f("/0.7/cli/fleet-cli/fleet_apply","885"),exact:!0,sidebar:"docs"},{path:"/0.7/cli/fleet-cli/fleet_test",component:f("/0.7/cli/fleet-cli/fleet_test","246"),exact:!0,sidebar:"docs"},{path:"/0.7/cli/fleet-controller/fleet-manager",component:f("/0.7/cli/fleet-controller/fleet-manager","424"),exact:!0,sidebar:"docs"},{path:"/0.7/cluster-bundles-state",component:f("/0.7/cluster-bundles-state","eae"),exact:!0,sidebar:"docs"},{path:"/0.7/cluster-group",component:f("/0.7/cluster-group","970"),exact:!0,sidebar:"docs"},{path:"/0.7/cluster-registration",component:f("/0.7/cluster-registration","879"),exact:!0,sidebar:"docs"},{path:"/0.7/concepts",component:f("/0.7/concepts","898"),exact:!0,sidebar:"docs"},{path:"/0.7/gitrepo-add",component:f("/0.7/gitrepo-add","0c1"),exact:!0,sidebar:"docs"},{path:"/0.7/gitrepo-content",component:f("/0.7/gitrepo-content","a38"),exact:!0,sidebar:"docs"},{path:"/0.7/gitrepo-targets",component:f("/0.7/gitrepo-targets","f5f"),exact:!0,sidebar:"docs"},{path:"/0.7/imagescan",component:f("/0.7/imagescan","a36"),exact:!0,sidebar:"docs"},{path:"/0.7/installation",component:f("/0.7/installation","6a4"),exact:!0,sidebar:"docs"},{path:"/0.7/multi-user",component:f("/0.7/multi-user","6f2"),exact:!0,sidebar:"docs"},{path:"/0.7/namespaces",component:f("/0.7/namespaces","bed"),exact:!0,sidebar:"docs"},{path:"/0.7/quickstart",component:f("/0.7/quickstart","388"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-bundle",component:f("/0.7/ref-bundle","8d9"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-bundle-stages",component:f("/0.7/ref-bundle-stages","c2d"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-configuration",component:f("/0.7/ref-configuration","f2b"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-crds",component:f("/0.7/ref-crds","96a"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-fleet-yaml",component:f("/0.7/ref-fleet-yaml","78d"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-gitrepo",component:f("/0.7/ref-gitrepo","c5b"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-registration",component:f("/0.7/ref-registration","f9b"),exact:!0,sidebar:"docs"},{path:"/0.7/ref-resources",component:f("/0.7/ref-resources","e3d"),exact:!0,sidebar:"docs"},{path:"/0.7/troubleshooting",component:f("/0.7/troubleshooting","955"),exact:!0,sidebar:"docs"},{path:"/0.7/tut-deployment",component:f("/0.7/tut-deployment","898"),exact:!0,sidebar:"docs"},{path:"/0.7/uninstall",component:f("/0.7/uninstall","3aa"),exact:!0,sidebar:"docs"},{path:"/0.7/webhook",component:f("/0.7/webhook","848"),exact:!0,sidebar:"docs"}]},{path:"/0.8",component:f("/0.8","10b"),routes:[{path:"/0.8",component:f("/0.8","1c1"),exact:!0,sidebar:"docs"},{path:"/0.8/architecture",component:f("/0.8/architecture","b39"),exact:!0,sidebar:"docs"},{path:"/0.8/bundle-add",component:f("/0.8/bundle-add","8d4"),exact:!0,sidebar:"docs"},{path:"/0.8/bundle-diffs",component:f("/0.8/bundle-diffs","d79"),exact:!0,sidebar:"docs"},{path:"/0.8/cli/fleet-agent",component:f("/0.8/cli/fleet-agent","81a"),exact:!0,sidebar:"docs"},{path:"/0.8/cli/fleet-cli/fleet",component:f("/0.8/cli/fleet-cli/fleet","edf"),exact:!0,sidebar:"docs"},{path:"/0.8/cli/fleet-cli/fleet_apply",component:f("/0.8/cli/fleet-cli/fleet_apply","33b"),exact:!0,sidebar:"docs"},{path:"/0.8/cli/fleet-cli/fleet_test",component:f("/0.8/cli/fleet-cli/fleet_test","436"),exact:!0,sidebar:"docs"},{path:"/0.8/cli/fleet-controller/fleet-manager",component:f("/0.8/cli/fleet-controller/fleet-manager","25f"),exact:!0,sidebar:"docs"},{path:"/0.8/cluster-bundles-state",component:f("/0.8/cluster-bundles-state","ff7"),exact:!0,sidebar:"docs"},{path:"/0.8/cluster-group",component:f("/0.8/cluster-group","03d"),exact:!0,sidebar:"docs"},{path:"/0.8/cluster-registration",component:f("/0.8/cluster-registration","986"),exact:!0,sidebar:"docs"},{path:"/0.8/concepts",component:f("/0.8/concepts","8c9"),exact:!0,sidebar:"docs"},{path:"/0.8/gitrepo-add",component:f("/0.8/gitrepo-add","cf5"),exact:!0,sidebar:"docs"},{path:"/0.8/gitrepo-content",component:f("/0.8/gitrepo-content","11a"),exact:!0,sidebar:"docs"},{path:"/0.8/gitrepo-targets",component:f("/0.8/gitrepo-targets","b08"),exact:!0,sidebar:"docs"},{path:"/0.8/imagescan",component:f("/0.8/imagescan","2f5"),exact:!0,sidebar:"docs"},{path:"/0.8/installation",component:f("/0.8/installation","1d9"),exact:!0,sidebar:"docs"},{path:"/0.8/multi-user",component:f("/0.8/multi-user","61a"),exact:!0,sidebar:"docs"},{path:"/0.8/namespaces",component:f("/0.8/namespaces","269"),exact:!0,sidebar:"docs"},{path:"/0.8/quickstart",component:f("/0.8/quickstart","ee4"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-bundle",component:f("/0.8/ref-bundle","0c9"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-bundle-stages",component:f("/0.8/ref-bundle-stages","b14"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-configuration",component:f("/0.8/ref-configuration","8cc"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-crds",component:f("/0.8/ref-crds","d09"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-fleet-yaml",component:f("/0.8/ref-fleet-yaml","074"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-gitrepo",component:f("/0.8/ref-gitrepo","d49"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-registration",component:f("/0.8/ref-registration","e6c"),exact:!0,sidebar:"docs"},{path:"/0.8/ref-resources",component:f("/0.8/ref-resources","783"),exact:!0,sidebar:"docs"},{path:"/0.8/resources-during-deployment",component:f("/0.8/resources-during-deployment","6a9"),exact:!0,sidebar:"docs"},{path:"/0.8/troubleshooting",component:f("/0.8/troubleshooting","97c"),exact:!0,sidebar:"docs"},{path:"/0.8/tut-deployment",component:f("/0.8/tut-deployment","19a"),exact:!0,sidebar:"docs"},{path:"/0.8/uninstall",component:f("/0.8/uninstall","f78"),exact:!0,sidebar:"docs"},{path:"/0.8/webhook",component:f("/0.8/webhook","490"),exact:!0,sidebar:"docs"}]},{path:"/",component:f("/","a58"),routes:[{path:"/",component:f("/","b09"),exact:!0,sidebar:"docs"},{path:"/architecture",component:f("/architecture","c53"),exact:!0,sidebar:"docs"},{path:"/bundle-add",component:f("/bundle-add","d02"),exact:!0,sidebar:"docs"},{path:"/bundle-diffs",component:f("/bundle-diffs","795"),exact:!0,sidebar:"docs"},{path:"/cli/fleet-agent",component:f("/cli/fleet-agent","10c"),exact:!0,sidebar:"docs"},{path:"/cli/fleet-cli/fleet",component:f("/cli/fleet-cli/fleet","a1d"),exact:!0,sidebar:"docs"},{path:"/cli/fleet-cli/fleet_apply",component:f("/cli/fleet-cli/fleet_apply","a5d"),exact:!0,sidebar:"docs"},{path:"/cli/fleet-cli/fleet_cleanup",component:f("/cli/fleet-cli/fleet_cleanup","8ac"),exact:!0},{path:"/cli/fleet-cli/fleet_test",component:f("/cli/fleet-cli/fleet_test","4a0"),exact:!0,sidebar:"docs"},{path:"/cli/fleet-controller/fleet-manager",component:f("/cli/fleet-controller/fleet-manager","a07"),exact:!0,sidebar:"docs"},{path:"/cluster-bundles-state",component:f("/cluster-bundles-state","27b"),exact:!0,sidebar:"docs"},{path:"/cluster-group",component:f("/cluster-group","bbc"),exact:!0,sidebar:"docs"},{path:"/cluster-registration",component:f("/cluster-registration","3dc"),exact:!0,sidebar:"docs"},{path:"/concepts",component:f("/concepts","efb"),exact:!0,sidebar:"docs"},{path:"/gitrepo-add",component:f("/gitrepo-add","d07"),exact:!0,sidebar:"docs"},{path:"/gitrepo-content",component:f("/gitrepo-content","011"),exact:!0,sidebar:"docs"},{path:"/gitrepo-targets",component:f("/gitrepo-targets","216"),exact:!0,sidebar:"docs"},{path:"/imagescan",component:f("/imagescan","3d7"),exact:!0,sidebar:"docs"},{path:"/installation",component:f("/installation","d10"),exact:!0,sidebar:"docs"},{path:"/multi-user",component:f("/multi-user","563"),exact:!0,sidebar:"docs"},{path:"/namespaces",component:f("/namespaces","349"),exact:!0,sidebar:"docs"},{path:"/quickstart",component:f("/quickstart","51d"),exact:!0,sidebar:"docs"},{path:"/ref-bundle",component:f("/ref-bundle","015"),exact:!0,sidebar:"docs"},{path:"/ref-bundle-stages",component:f("/ref-bundle-stages","8b4"),exact:!0,sidebar:"docs"},{path:"/ref-configuration",component:f("/ref-configuration","768"),exact:!0,sidebar:"docs"},{path:"/ref-crds",component:f("/ref-crds","956"),exact:!0,sidebar:"docs"},{path:"/ref-fleet-yaml",component:f("/ref-fleet-yaml","45f"),exact:!0,sidebar:"docs"},{path:"/ref-gitrepo",component:f("/ref-gitrepo","4ff"),exact:!0,sidebar:"docs"},{path:"/ref-registration",component:f("/ref-registration","7f4"),exact:!0,sidebar:"docs"},{path:"/ref-resources",component:f("/ref-resources","b53"),exact:!0,sidebar:"docs"},{path:"/resources-during-deployment",component:f("/resources-during-deployment","da0"),exact:!0,sidebar:"docs"},{path:"/troubleshooting",component:f("/troubleshooting","d83"),exact:!0,sidebar:"docs"},{path:"/tut-deployment",component:f("/tut-deployment","4f4"),exact:!0,sidebar:"docs"},{path:"/uninstall",component:f("/uninstall","ff6"),exact:!0,sidebar:"docs"},{path:"/webhook",component:f("/webhook","c5f"),exact:!0,sidebar:"docs"}]},{path:"*",component:f("*")}]},8934:(e,t,n)=>{"use strict";n.d(t,{_:()=>a,t:()=>o});var r=n(7294);const a=r.createContext(!1);function o(e){let{children:t}=e;const[n,o]=(0,r.useState)(!1);return(0,r.useEffect)((()=>{o(!0)}),[]),r.createElement(a.Provider,{value:n},t)}},9383:(e,t,n)=>{"use strict";var r=n(7294),a=n(3935),o=n(3727),i=n(405),l=n(412);const s=[n(2497),n(3310),n(8320),n(2295)];var c=n(723),u=n(6550),d=n(8790);function f(e){let{children:t}=e;return r.createElement(r.Fragment,null,t)}var p=n(7462),m=n(5742),h=n(2263),g=n(4996),b=n(6668),v=n(833),y=n(4711),w=n(9727),k=n(3320),E=n(197);function _(){const{i18n:{defaultLocale:e,localeConfigs:t}}=(0,h.Z)(),n=(0,y.l)();return r.createElement(m.Z,null,Object.entries(t).map((e=>{let[t,{htmlLang:a}]=e;return r.createElement("link",{key:t,rel:"alternate",href:n.createUrl({locale:t,fullyQualified:!0}),hrefLang:a})})),r.createElement("link",{rel:"alternate",href:n.createUrl({locale:e,fullyQualified:!0}),hrefLang:"x-default"}))}function S(e){let{permalink:t}=e;const{siteConfig:{url:n}}=(0,h.Z)(),a=function(){const{siteConfig:{url:e}}=(0,h.Z)(),{pathname:t}=(0,u.TH)();return e+(0,g.Z)(t)}(),o=t?`${n}${t}`:a;return r.createElement(m.Z,null,r.createElement("meta",{property:"og:url",content:o}),r.createElement("link",{rel:"canonical",href:o}))}function x(){const{i18n:{currentLocale:e}}=(0,h.Z)(),{metadata:t,image:n}=(0,b.L)();return r.createElement(r.Fragment,null,r.createElement(m.Z,null,r.createElement("meta",{name:"twitter:card",content:"summary_large_image"}),r.createElement("body",{className:w.h})),n&&r.createElement(v.d,{image:n}),r.createElement(S,null),r.createElement(_,null),r.createElement(E.Z,{tag:k.HX,locale:e}),r.createElement(m.Z,null,t.map(((e,t)=>r.createElement("meta",(0,p.Z)({key:t},e))))))}const C=new Map;function T(e){if(C.has(e.pathname))return{...e,pathname:C.get(e.pathname)};if((0,d.f)(c.Z,e.pathname).some((e=>{let{route:t}=e;return!0===t.exact})))return C.set(e.pathname,e.pathname),e;const t=e.pathname.trim().replace(/(?:\/index)?\.html$/,"")||"/";return C.set(e.pathname,t),{...e,pathname:t}}var A=n(8934),L=n(8940);function R(e){for(var t=arguments.length,n=new Array(t>1?t-1:0),r=1;r{var r;const a=(null==(r=t.default)?void 0:r[e])??t[e];return null==a?void 0:a(...n)}));return()=>a.forEach((e=>null==e?void 0:e()))}const P=function(e){let{children:t,location:n,previousLocation:a}=e;return(0,r.useLayoutEffect)((()=>{a!==n&&(!function(e){let{location:t,previousLocation:n}=e;if(!n)return;const r=t.pathname===n.pathname,a=t.hash===n.hash,o=t.search===n.search;if(r&&a&&!o)return;const{hash:i}=t;if(i){const e=decodeURIComponent(i.substring(1)),t=document.getElementById(e);null==t||t.scrollIntoView()}else window.scrollTo(0,0)}({location:n,previousLocation:a}),R("onRouteDidUpdate",{previousLocation:a,location:n}))}),[a,n]),t};function N(e){const t=Array.from(new Set([e,decodeURI(e)])).map((e=>(0,d.f)(c.Z,e))).flat();return Promise.all(t.map((e=>null==e.route.component.preload?void 0:e.route.component.preload())))}class O extends r.Component{constructor(e){super(e),this.previousLocation=void 0,this.routeUpdateCleanupCb=void 0,this.previousLocation=null,this.routeUpdateCleanupCb=l.Z.canUseDOM?R("onRouteUpdate",{previousLocation:null,location:this.props.location}):()=>{},this.state={nextRouteHasLoaded:!0}}shouldComponentUpdate(e,t){if(e.location===this.props.location)return t.nextRouteHasLoaded;const n=e.location;return this.previousLocation=this.props.location,this.setState({nextRouteHasLoaded:!1}),this.routeUpdateCleanupCb=R("onRouteUpdate",{previousLocation:this.previousLocation,location:n}),N(n.pathname).then((()=>{this.routeUpdateCleanupCb(),this.setState({nextRouteHasLoaded:!0})})).catch((e=>{console.warn(e),window.location.reload()})),!1}render(){const{children:e,location:t}=this.props;return r.createElement(P,{previousLocation:this.previousLocation,location:t},r.createElement(u.AW,{location:t,render:()=>e}))}}const I=O,D="docusaurus-base-url-issue-banner-container",M="docusaurus-base-url-issue-banner-suggestion-container",F="__DOCUSAURUS_INSERT_BASEURL_BANNER";function B(e){return`\nwindow['${F}'] = true;\n\ndocument.addEventListener('DOMContentLoaded', maybeInsertBanner);\n\nfunction maybeInsertBanner() {\n var shouldInsert = window['${F}'];\n shouldInsert && insertBanner();\n}\n\nfunction insertBanner() {\n var bannerContainer = document.getElementById('${D}');\n if (!bannerContainer) {\n return;\n }\n var bannerHtml = ${JSON.stringify(function(e){return`\n
    \n

    Your Docusaurus site did not load properly.

    \n

    A very common reason is a wrong site baseUrl configuration.

    \n

    Current configured baseUrl = ${e} ${"/"===e?" (default value)":""}

    \n

    We suggest trying baseUrl =

    \n
    \n`}(e)).replace(/{window[F]=!1}),[]),r.createElement(r.Fragment,null,!l.Z.canUseDOM&&r.createElement(m.Z,null,r.createElement("script",null,B(e))),r.createElement("div",{id:D}))}function z(){const{siteConfig:{baseUrl:e,baseUrlIssueBanner:t}}=(0,h.Z)(),{pathname:n}=(0,u.TH)();return t&&n===e?r.createElement(j,null):null}function U(){const{siteConfig:{favicon:e,title:t,noIndex:n},i18n:{currentLocale:a,localeConfigs:o}}=(0,h.Z)(),i=(0,g.Z)(e),{htmlLang:l,direction:s}=o[a];return r.createElement(m.Z,null,r.createElement("html",{lang:l,dir:s}),r.createElement("title",null,t),r.createElement("meta",{property:"og:title",content:t}),r.createElement("meta",{name:"viewport",content:"width=device-width, initial-scale=1.0"}),n&&r.createElement("meta",{name:"robots",content:"noindex, nofollow"}),e&&r.createElement("link",{rel:"icon",href:i}))}var $=n(4763);function q(){const e=(0,d.H)(c.Z),t=(0,u.TH)();return r.createElement($.Z,null,r.createElement(L.M,null,r.createElement(A.t,null,r.createElement(f,null,r.createElement(U,null),r.createElement(x,null),r.createElement(z,null),r.createElement(I,{location:T(t)},e)))))}var H=n(6887);const G=function(e){try{return document.createElement("link").relList.supports(e)}catch{return!1}}("prefetch")?function(e){return new Promise(((t,n)=>{var r;if("undefined"==typeof document)return void n();const a=document.createElement("link");a.setAttribute("rel","prefetch"),a.setAttribute("href",e),a.onload=()=>t(),a.onerror=()=>n();const o=document.getElementsByTagName("head")[0]??(null==(r=document.getElementsByName("script")[0])?void 0:r.parentNode);null==o||o.appendChild(a)}))}:function(e){return new Promise(((t,n)=>{const r=new XMLHttpRequest;r.open("GET",e,!0),r.withCredentials=!0,r.onload=()=>{200===r.status?t():n()},r.send(null)}))};var Z=n(9670);const V=new Set,W=new Set,K=()=>{var e,t;return(null==(e=navigator.connection)?void 0:e.effectiveType.includes("2g"))||(null==(t=navigator.connection)?void 0:t.saveData)},Y={prefetch(e){if(!(e=>!K()&&!W.has(e)&&!V.has(e))(e))return!1;V.add(e);const t=(0,d.f)(c.Z,e).flatMap((e=>{return t=e.route.path,Object.entries(H).filter((e=>{let[n]=e;return n.replace(/-[^-]+$/,"")===t})).flatMap((e=>{let[,t]=e;return Object.values((0,Z.Z)(t))}));var t}));return Promise.all(t.map((e=>{const t=n.gca(e);return t&&!t.includes("undefined")?G(t).catch((()=>{})):Promise.resolve()})))},preload:e=>!!(e=>!K()&&!W.has(e))(e)&&(W.add(e),N(e))},Q=Object.freeze(Y);if(l.Z.canUseDOM){window.docusaurus=Q;const e=a.hydrate;N(window.location.pathname).then((()=>{e(r.createElement(i.B6,null,r.createElement(o.VK,null,r.createElement(q,null))),document.getElementById("__docusaurus"))}))}},8940:(e,t,n)=>{"use strict";n.d(t,{_:()=>u,M:()=>d});var r=n(7294),a=n(6809);const o=JSON.parse('{"docusaurus-plugin-content-docs":{"default":{"path":"/","versions":[{"name":"current","label":"Next \ud83d\udea7","isLast":true,"path":"/","mainDocId":"index","docs":[{"id":"architecture","path":"/architecture","sidebar":"docs"},{"id":"bundle-add","path":"/bundle-add","sidebar":"docs"},{"id":"bundle-diffs","path":"/bundle-diffs","sidebar":"docs"},{"id":"cli/fleet-agent/fleet-agent","path":"/cli/fleet-agent/","sidebar":"docs"},{"id":"cli/fleet-cli/fleet","path":"/cli/fleet-cli/fleet","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_apply","path":"/cli/fleet-cli/fleet_apply","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_cleanup","path":"/cli/fleet-cli/fleet_cleanup"},{"id":"cli/fleet-cli/fleet_test","path":"/cli/fleet-cli/fleet_test","sidebar":"docs"},{"id":"cli/fleet-controller/fleet-manager","path":"/cli/fleet-controller/fleet-manager","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/cluster-group","sidebar":"docs"},{"id":"cluster-registration","path":"/cluster-registration","sidebar":"docs"},{"id":"concepts","path":"/concepts","sidebar":"docs"},{"id":"gitrepo-add","path":"/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-content","path":"/gitrepo-content","sidebar":"docs"},{"id":"gitrepo-targets","path":"/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/imagescan","sidebar":"docs"},{"id":"index","path":"/","sidebar":"docs"},{"id":"installation","path":"/installation","sidebar":"docs"},{"id":"multi-user","path":"/multi-user","sidebar":"docs"},{"id":"namespaces","path":"/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/quickstart","sidebar":"docs"},{"id":"ref-bundle","path":"/ref-bundle","sidebar":"docs"},{"id":"ref-bundle-stages","path":"/ref-bundle-stages","sidebar":"docs"},{"id":"ref-configuration","path":"/ref-configuration","sidebar":"docs"},{"id":"ref-crds","path":"/ref-crds","sidebar":"docs"},{"id":"ref-fleet-yaml","path":"/ref-fleet-yaml","sidebar":"docs"},{"id":"ref-gitrepo","path":"/ref-gitrepo","sidebar":"docs"},{"id":"ref-registration","path":"/ref-registration","sidebar":"docs"},{"id":"ref-resources","path":"/ref-resources","sidebar":"docs"},{"id":"resources-during-deployment","path":"/resources-during-deployment","sidebar":"docs"},{"id":"troubleshooting","path":"/troubleshooting","sidebar":"docs"},{"id":"tut-deployment","path":"/tut-deployment","sidebar":"docs"},{"id":"uninstall","path":"/uninstall","sidebar":"docs"},{"id":"webhook","path":"/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/","label":"index"}}}},{"name":"0.8","label":"0.8","isLast":false,"path":"/0.8","mainDocId":"index","docs":[{"id":"architecture","path":"/0.8/architecture","sidebar":"docs"},{"id":"bundle-add","path":"/0.8/bundle-add","sidebar":"docs"},{"id":"bundle-diffs","path":"/0.8/bundle-diffs","sidebar":"docs"},{"id":"cli/fleet-agent/fleet-agent","path":"/0.8/cli/fleet-agent/","sidebar":"docs"},{"id":"cli/fleet-cli/fleet","path":"/0.8/cli/fleet-cli/fleet","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_apply","path":"/0.8/cli/fleet-cli/fleet_apply","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_test","path":"/0.8/cli/fleet-cli/fleet_test","sidebar":"docs"},{"id":"cli/fleet-controller/fleet-manager","path":"/0.8/cli/fleet-controller/fleet-manager","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/0.8/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/0.8/cluster-group","sidebar":"docs"},{"id":"cluster-registration","path":"/0.8/cluster-registration","sidebar":"docs"},{"id":"concepts","path":"/0.8/concepts","sidebar":"docs"},{"id":"gitrepo-add","path":"/0.8/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-content","path":"/0.8/gitrepo-content","sidebar":"docs"},{"id":"gitrepo-targets","path":"/0.8/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/0.8/imagescan","sidebar":"docs"},{"id":"index","path":"/0.8/","sidebar":"docs"},{"id":"installation","path":"/0.8/installation","sidebar":"docs"},{"id":"multi-user","path":"/0.8/multi-user","sidebar":"docs"},{"id":"namespaces","path":"/0.8/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/0.8/quickstart","sidebar":"docs"},{"id":"ref-bundle","path":"/0.8/ref-bundle","sidebar":"docs"},{"id":"ref-bundle-stages","path":"/0.8/ref-bundle-stages","sidebar":"docs"},{"id":"ref-configuration","path":"/0.8/ref-configuration","sidebar":"docs"},{"id":"ref-crds","path":"/0.8/ref-crds","sidebar":"docs"},{"id":"ref-fleet-yaml","path":"/0.8/ref-fleet-yaml","sidebar":"docs"},{"id":"ref-gitrepo","path":"/0.8/ref-gitrepo","sidebar":"docs"},{"id":"ref-registration","path":"/0.8/ref-registration","sidebar":"docs"},{"id":"ref-resources","path":"/0.8/ref-resources","sidebar":"docs"},{"id":"resources-during-deployment","path":"/0.8/resources-during-deployment","sidebar":"docs"},{"id":"troubleshooting","path":"/0.8/troubleshooting","sidebar":"docs"},{"id":"tut-deployment","path":"/0.8/tut-deployment","sidebar":"docs"},{"id":"uninstall","path":"/0.8/uninstall","sidebar":"docs"},{"id":"webhook","path":"/0.8/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/0.8/","label":"index"}}}},{"name":"0.7","label":"0.7","isLast":false,"path":"/0.7","mainDocId":"index","docs":[{"id":"architecture","path":"/0.7/architecture","sidebar":"docs"},{"id":"bundle-add","path":"/0.7/bundle-add","sidebar":"docs"},{"id":"bundle-diffs","path":"/0.7/bundle-diffs","sidebar":"docs"},{"id":"cli/fleet-agent/fleet-agent","path":"/0.7/cli/fleet-agent/","sidebar":"docs"},{"id":"cli/fleet-cli/fleet","path":"/0.7/cli/fleet-cli/fleet","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_apply","path":"/0.7/cli/fleet-cli/fleet_apply","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_test","path":"/0.7/cli/fleet-cli/fleet_test","sidebar":"docs"},{"id":"cli/fleet-controller/fleet-manager","path":"/0.7/cli/fleet-controller/fleet-manager","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/0.7/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/0.7/cluster-group","sidebar":"docs"},{"id":"cluster-registration","path":"/0.7/cluster-registration","sidebar":"docs"},{"id":"concepts","path":"/0.7/concepts","sidebar":"docs"},{"id":"gitrepo-add","path":"/0.7/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-content","path":"/0.7/gitrepo-content","sidebar":"docs"},{"id":"gitrepo-targets","path":"/0.7/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/0.7/imagescan","sidebar":"docs"},{"id":"index","path":"/0.7/","sidebar":"docs"},{"id":"installation","path":"/0.7/installation","sidebar":"docs"},{"id":"multi-user","path":"/0.7/multi-user","sidebar":"docs"},{"id":"namespaces","path":"/0.7/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/0.7/quickstart","sidebar":"docs"},{"id":"ref-bundle","path":"/0.7/ref-bundle","sidebar":"docs"},{"id":"ref-bundle-stages","path":"/0.7/ref-bundle-stages","sidebar":"docs"},{"id":"ref-configuration","path":"/0.7/ref-configuration","sidebar":"docs"},{"id":"ref-crds","path":"/0.7/ref-crds","sidebar":"docs"},{"id":"ref-fleet-yaml","path":"/0.7/ref-fleet-yaml","sidebar":"docs"},{"id":"ref-gitrepo","path":"/0.7/ref-gitrepo","sidebar":"docs"},{"id":"ref-registration","path":"/0.7/ref-registration","sidebar":"docs"},{"id":"ref-resources","path":"/0.7/ref-resources","sidebar":"docs"},{"id":"troubleshooting","path":"/0.7/troubleshooting","sidebar":"docs"},{"id":"tut-deployment","path":"/0.7/tut-deployment","sidebar":"docs"},{"id":"uninstall","path":"/0.7/uninstall","sidebar":"docs"},{"id":"webhook","path":"/0.7/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/0.7/","label":"index"}}}},{"name":"0.6","label":"0.6","isLast":false,"path":"/0.6","mainDocId":"index","docs":[{"id":"architecture","path":"/0.6/architecture","sidebar":"docs"},{"id":"bundle-diffs","path":"/0.6/bundle-diffs","sidebar":"docs"},{"id":"cli/fleet-agent/fleet-agent","path":"/0.6/cli/fleet-agent/","sidebar":"docs"},{"id":"cli/fleet-cli/fleet","path":"/0.6/cli/fleet-cli/fleet","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_apply","path":"/0.6/cli/fleet-cli/fleet_apply","sidebar":"docs"},{"id":"cli/fleet-cli/fleet_test","path":"/0.6/cli/fleet-cli/fleet_test","sidebar":"docs"},{"id":"cli/fleet-controller/fleet-manager","path":"/0.6/cli/fleet-controller/fleet-manager","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/0.6/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/0.6/cluster-group","sidebar":"docs"},{"id":"cluster-registration","path":"/0.6/cluster-registration","sidebar":"docs"},{"id":"concepts","path":"/0.6/concepts","sidebar":"docs"},{"id":"gitrepo-add","path":"/0.6/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-content","path":"/0.6/gitrepo-content","sidebar":"docs"},{"id":"gitrepo-targets","path":"/0.6/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/0.6/imagescan","sidebar":"docs"},{"id":"index","path":"/0.6/","sidebar":"docs"},{"id":"installation","path":"/0.6/installation","sidebar":"docs"},{"id":"multi-user","path":"/0.6/multi-user","sidebar":"docs"},{"id":"namespaces","path":"/0.6/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/0.6/quickstart","sidebar":"docs"},{"id":"ref-bundle-stages","path":"/0.6/ref-bundle-stages","sidebar":"docs"},{"id":"ref-configuration","path":"/0.6/ref-configuration","sidebar":"docs"},{"id":"ref-crds","path":"/0.6/ref-crds","sidebar":"docs"},{"id":"ref-fleet-yaml","path":"/0.6/ref-fleet-yaml","sidebar":"docs"},{"id":"ref-gitrepo","path":"/0.6/ref-gitrepo","sidebar":"docs"},{"id":"ref-registration","path":"/0.6/ref-registration","sidebar":"docs"},{"id":"ref-resources","path":"/0.6/ref-resources","sidebar":"docs"},{"id":"troubleshooting","path":"/0.6/troubleshooting","sidebar":"docs"},{"id":"tut-deployment","path":"/0.6/tut-deployment","sidebar":"docs"},{"id":"uninstall","path":"/0.6/uninstall","sidebar":"docs"},{"id":"webhook","path":"/0.6/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/0.6/","label":"index"}}}},{"name":"0.5","label":"0.5","isLast":false,"path":"/0.5","mainDocId":"index","docs":[{"id":"advanced-users","path":"/0.5/advanced-users","sidebar":"docs"},{"id":"agent-initiated","path":"/0.5/agent-initiated","sidebar":"docs"},{"id":"architecture","path":"/0.5/architecture","sidebar":"docs"},{"id":"bundle-diffs","path":"/0.5/bundle-diffs","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/0.5/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/0.5/cluster-group","sidebar":"docs"},{"id":"cluster-overview","path":"/0.5/cluster-overview","sidebar":"docs"},{"id":"cluster-tokens","path":"/0.5/cluster-tokens","sidebar":"docs"},{"id":"concepts","path":"/0.5/concepts","sidebar":"docs"},{"id":"examples","path":"/0.5/examples","sidebar":"docs"},{"id":"gitrepo-add","path":"/0.5/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-structure","path":"/0.5/gitrepo-structure","sidebar":"docs"},{"id":"gitrepo-targets","path":"/0.5/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/0.5/imagescan","sidebar":"docs"},{"id":"index","path":"/0.5/","sidebar":"docs"},{"id":"installation","path":"/0.5/installation","sidebar":"docs"},{"id":"manager-initiated","path":"/0.5/manager-initiated","sidebar":"docs"},{"id":"multi-cluster-install","path":"/0.5/multi-cluster-install","sidebar":"docs"},{"id":"namespaces","path":"/0.5/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/0.5/quickstart","sidebar":"docs"},{"id":"single-cluster-install","path":"/0.5/single-cluster-install","sidebar":"docs"},{"id":"troubleshooting","path":"/0.5/troubleshooting","sidebar":"docs"},{"id":"uninstall","path":"/0.5/uninstall","sidebar":"docs"},{"id":"webhook","path":"/0.5/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/0.5/","label":"index"}}}},{"name":"0.4","label":"0.4","isLast":false,"path":"/0.4","mainDocId":"index","docs":[{"id":"advanced-users","path":"/0.4/advanced-users","sidebar":"docs"},{"id":"agent-initiated","path":"/0.4/agent-initiated","sidebar":"docs"},{"id":"architecture","path":"/0.4/architecture","sidebar":"docs"},{"id":"bundle-diffs","path":"/0.4/bundle-diffs","sidebar":"docs"},{"id":"cluster-bundles-state","path":"/0.4/cluster-bundles-state","sidebar":"docs"},{"id":"cluster-group","path":"/0.4/cluster-group","sidebar":"docs"},{"id":"cluster-overview","path":"/0.4/cluster-overview","sidebar":"docs"},{"id":"cluster-tokens","path":"/0.4/cluster-tokens","sidebar":"docs"},{"id":"concepts","path":"/0.4/concepts","sidebar":"docs"},{"id":"examples","path":"/0.4/examples","sidebar":"docs"},{"id":"gitrepo-add","path":"/0.4/gitrepo-add","sidebar":"docs"},{"id":"gitrepo-structure","path":"/0.4/gitrepo-structure","sidebar":"docs"},{"id":"gitrepo-targets","path":"/0.4/gitrepo-targets","sidebar":"docs"},{"id":"imagescan","path":"/0.4/imagescan","sidebar":"docs"},{"id":"index","path":"/0.4/","sidebar":"docs"},{"id":"installation","path":"/0.4/installation","sidebar":"docs"},{"id":"manager-initiated","path":"/0.4/manager-initiated","sidebar":"docs"},{"id":"multi-cluster-install","path":"/0.4/multi-cluster-install","sidebar":"docs"},{"id":"namespaces","path":"/0.4/namespaces","sidebar":"docs"},{"id":"quickstart","path":"/0.4/quickstart","sidebar":"docs"},{"id":"single-cluster-install","path":"/0.4/single-cluster-install","sidebar":"docs"},{"id":"troubleshooting","path":"/0.4/troubleshooting","sidebar":"docs"},{"id":"uninstall","path":"/0.4/uninstall","sidebar":"docs"},{"id":"webhook","path":"/0.4/webhook","sidebar":"docs"}],"draftIds":[],"sidebars":{"docs":{"link":{"path":"/0.4/","label":"index"}}}}],"breadcrumbs":true}}}'),i=JSON.parse('{"defaultLocale":"en","locales":["en"],"path":"i18n","currentLocale":"en","localeConfigs":{"en":{"label":"English","direction":"ltr","htmlLang":"en","calendar":"gregory","path":"en"}}}');var l=n(7529);const s=JSON.parse('{"docusaurusVersion":"2.3.1","siteVersion":"0.0.0","pluginVersions":{"docusaurus-plugin-content-docs":{"type":"package","name":"@docusaurus/plugin-content-docs","version":"2.3.1"},"docusaurus-plugin-content-pages":{"type":"package","name":"@docusaurus/plugin-content-pages","version":"2.3.1"},"docusaurus-plugin-sitemap":{"type":"package","name":"@docusaurus/plugin-sitemap","version":"2.3.1"},"docusaurus-theme-classic":{"type":"package","name":"@docusaurus/theme-classic","version":"2.3.1"},"docusaurus-theme-search-algolia":{"type":"package","name":"@docusaurus/theme-search-algolia","version":"2.3.1"}}}'),c={siteConfig:a.Z,siteMetadata:s,globalData:o,i18n:i,codeTranslations:l},u=r.createContext(c);function d(e){let{children:t}=e;return r.createElement(u.Provider,{value:c},t)}},4763:(e,t,n)=>{"use strict";n.d(t,{Z:()=>u});var r=n(7294),a=n(412),o=n(5742),i=n(4774);function l(e){let{error:t,tryAgain:n}=e;return r.createElement("div",{style:{display:"flex",flexDirection:"column",justifyContent:"center",alignItems:"center",height:"50vh",width:"100%",fontSize:"20px"}},r.createElement("h1",null,"This page crashed."),r.createElement("p",null,t.message),r.createElement("button",{type:"button",onClick:n},"Try again"))}function s(e){let{error:t,tryAgain:n}=e;return r.createElement(u,{fallback:()=>r.createElement(l,{error:t,tryAgain:n})},r.createElement(o.Z,null,r.createElement("title",null,"Page Error")),r.createElement(i.Z,null,r.createElement(l,{error:t,tryAgain:n})))}const c=e=>r.createElement(s,e);class u extends r.Component{constructor(e){super(e),this.state={error:null}}componentDidCatch(e){a.Z.canUseDOM&&this.setState({error:e})}render(){const{children:e}=this.props,{error:t}=this.state;if(t){const e={error:t,tryAgain:()=>this.setState({error:null})};return(this.props.fallback??c)(e)}return e??null}}},412:(e,t,n)=>{"use strict";n.d(t,{Z:()=>a});const r="undefined"!=typeof window&&"document"in window&&"createElement"in window.document,a={canUseDOM:r,canUseEventListeners:r&&("addEventListener"in window||"attachEvent"in window),canUseIntersectionObserver:r&&"IntersectionObserver"in window,canUseViewport:r&&"screen"in window}},5742:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(405);function o(e){return r.createElement(a.ql,e)}},9960:(e,t,n)=>{"use strict";n.d(t,{Z:()=>p});var r=n(7462),a=n(7294),o=n(3727),i=n(8780),l=n(2263),s=n(3919),c=n(412);const u=a.createContext({collectLink:()=>{}});var d=n(4996);function f(e,t){var n;let{isNavLink:f,to:p,href:m,activeClassName:h,isActive:g,"data-noBrokenLinkCheck":b,autoAddBaseUrl:v=!0,...y}=e;const{siteConfig:{trailingSlash:w,baseUrl:k}}=(0,l.Z)(),{withBaseUrl:E}=(0,d.C)(),_=(0,a.useContext)(u),S=(0,a.useRef)(null);(0,a.useImperativeHandle)(t,(()=>S.current));const x=p||m;const C=(0,s.Z)(x),T=null==x?void 0:x.replace("pathname://","");let A=void 0!==T?(L=T,v&&(e=>e.startsWith("/"))(L)?E(L):L):void 0;var L;A&&C&&(A=(0,i.applyTrailingSlash)(A,{trailingSlash:w,baseUrl:k}));const R=(0,a.useRef)(!1),P=f?o.OL:o.rU,N=c.Z.canUseIntersectionObserver,O=(0,a.useRef)(),I=()=>{R.current||null==A||(window.docusaurus.preload(A),R.current=!0)};(0,a.useEffect)((()=>(!N&&C&&null!=A&&window.docusaurus.prefetch(A),()=>{N&&O.current&&O.current.disconnect()})),[O,A,N,C]);const D=(null==(n=A)?void 0:n.startsWith("#"))??!1,M=!A||!C||D;return M||b||_.collectLink(A),M?a.createElement("a",(0,r.Z)({ref:S,href:A},x&&!C&&{target:"_blank",rel:"noopener noreferrer"},y)):a.createElement(P,(0,r.Z)({},y,{onMouseEnter:I,onTouchStart:I,innerRef:e=>{S.current=e,N&&e&&C&&(O.current=new window.IntersectionObserver((t=>{t.forEach((t=>{e===t.target&&(t.isIntersecting||t.intersectionRatio>0)&&(O.current.unobserve(e),O.current.disconnect(),null!=A&&window.docusaurus.prefetch(A))}))})),O.current.observe(e))},to:A},f&&{isActive:g,activeClassName:h}))}const p=a.forwardRef(f)},5999:(e,t,n)=>{"use strict";n.d(t,{Z:()=>s,I:()=>l});var r=n(7294);function a(e,t){const n=e.split(/(\{\w+\})/).map(((e,n)=>{if(n%2==1){const n=null==t?void 0:t[e.slice(1,-1)];if(void 0!==n)return n}return e}));return n.some((e=>(0,r.isValidElement)(e)))?n.map(((e,t)=>(0,r.isValidElement)(e)?r.cloneElement(e,{key:t}):e)).filter((e=>""!==e)):n.join("")}var o=n(7529);function i(e){let{id:t,message:n}=e;if(void 0===t&&void 0===n)throw new Error("Docusaurus translation declarations must have at least a translation id or a default translation message");return o[t??n]??n??t}function l(e,t){let{message:n,id:r}=e;return a(i({message:n,id:r}),t)}function s(e){let{children:t,id:n,values:o}=e;if(t&&"string"!=typeof t)throw console.warn("Illegal children",t),new Error("The Docusaurus component only accept simple string values");const l=i({message:t,id:n});return r.createElement(r.Fragment,null,a(l,o))}},9935:(e,t,n)=>{"use strict";n.d(t,{m:()=>r});const r="default"},3919:(e,t,n)=>{"use strict";function r(e){return/^(?:\w*:|\/\/)/.test(e)}function a(e){return void 0!==e&&!r(e)}n.d(t,{Z:()=>a,b:()=>r})},4996:(e,t,n)=>{"use strict";n.d(t,{C:()=>i,Z:()=>l});var r=n(7294),a=n(2263),o=n(3919);function i(){const{siteConfig:{baseUrl:e,url:t}}=(0,a.Z)(),n=(0,r.useCallback)(((n,r)=>function(e,t,n,r){let{forcePrependBaseUrl:a=!1,absolute:i=!1}=void 0===r?{}:r;if(!n||n.startsWith("#")||(0,o.b)(n))return n;if(a)return t+n.replace(/^\//,"");if(n===t.replace(/\/$/,""))return t;const l=n.startsWith(t)?n:t+n.replace(/^\//,"");return i?e+l:l}(t,e,n,r)),[t,e]);return{withBaseUrl:n}}function l(e,t){void 0===t&&(t={});const{withBaseUrl:n}=i();return n(e,t)}},2263:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(8940);function o(){return(0,r.useContext)(a._)}},2389:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(8934);function o(){return(0,r.useContext)(a._)}},9670:(e,t,n)=>{"use strict";n.d(t,{Z:()=>r});function r(e){const t={};return function e(n,r){Object.entries(n).forEach((n=>{let[a,o]=n;const i=r?`${r}.${a}`:a;var l;"object"==typeof(l=o)&&l&&Object.keys(l).length>0?e(o,i):t[i]=o}))}(e),t}},226:(e,t,n)=>{"use strict";n.d(t,{_:()=>a,z:()=>o});var r=n(7294);const a=r.createContext(null);function o(e){let{children:t,value:n}=e;const o=r.useContext(a),i=(0,r.useMemo)((()=>function(e){let{parent:t,value:n}=e;if(!t){if(!n)throw new Error("Unexpected: no Docusaurus route context found");if(!("plugin"in n))throw new Error("Unexpected: Docusaurus topmost route context has no `plugin` attribute");return n}const r={...t.data,...null==n?void 0:n.data};return{plugin:t.plugin,data:r}}({parent:o,value:n})),[o,n]);return r.createElement(a.Provider,{value:i},t)}},143:(e,t,n)=>{"use strict";n.d(t,{Iw:()=>b,gA:()=>p,WS:()=>m,_r:()=>d,Jo:()=>v,zh:()=>f,yW:()=>g,gB:()=>h});var r=n(6550),a=n(2263),o=n(9935);function i(e,t){void 0===t&&(t={});const n=function(){const{globalData:e}=(0,a.Z)();return e}()[e];if(!n&&t.failfast)throw new Error(`Docusaurus plugin global data not found for "${e}" plugin.`);return n}const l=e=>e.versions.find((e=>e.isLast));function s(e,t){const n=l(e);return[...e.versions.filter((e=>e!==n)),n].find((e=>!!(0,r.LX)(t,{path:e.path,exact:!1,strict:!1})))}function c(e,t){const n=s(e,t),a=null==n?void 0:n.docs.find((e=>!!(0,r.LX)(t,{path:e.path,exact:!0,strict:!1})));return{activeVersion:n,activeDoc:a,alternateDocVersions:a?function(t){const n={};return e.versions.forEach((e=>{e.docs.forEach((r=>{r.id===t&&(n[e.name]=r)}))})),n}(a.id):{}}}const u={},d=()=>i("docusaurus-plugin-content-docs")??u,f=e=>function(e,t,n){void 0===t&&(t=o.m),void 0===n&&(n={});const r=i(e),a=null==r?void 0:r[t];if(!a&&n.failfast)throw new Error(`Docusaurus plugin global data not found for "${e}" plugin with id "${t}".`);return a}("docusaurus-plugin-content-docs",e,{failfast:!0});function p(e){void 0===e&&(e={});const t=d(),{pathname:n}=(0,r.TH)();return function(e,t,n){void 0===n&&(n={});const a=Object.entries(e).sort(((e,t)=>t[1].path.localeCompare(e[1].path))).find((e=>{let[,n]=e;return!!(0,r.LX)(t,{path:n.path,exact:!1,strict:!1})})),o=a?{pluginId:a[0],pluginData:a[1]}:void 0;if(!o&&n.failfast)throw new Error(`Can't find active docs plugin for "${t}" pathname, while it was expected to be found. Maybe you tried to use a docs feature that can only be used on a docs-related page? Existing docs plugin paths are: ${Object.values(e).map((e=>e.path)).join(", ")}`);return o}(t,n,e)}function m(e){void 0===e&&(e={});const t=p(e),{pathname:n}=(0,r.TH)();if(!t)return;return{activePlugin:t,activeVersion:s(t.pluginData,n)}}function h(e){return f(e).versions}function g(e){const t=f(e);return l(t)}function b(e){const t=f(e),{pathname:n}=(0,r.TH)();return c(t,n)}function v(e){const t=f(e),{pathname:n}=(0,r.TH)();return function(e,t){const n=l(e);return{latestDocSuggestion:c(e,t).alternateDocVersions[n.name],latestVersionSuggestion:n}}(t,n)}},8320:(e,t,n)=>{"use strict";n.r(t),n.d(t,{default:()=>o});var r=n(4865),a=n.n(r);a().configure({showSpinner:!1});const o={onRouteUpdate(e){let{location:t,previousLocation:n}=e;if(n&&t.pathname!==n.pathname){const e=window.setTimeout((()=>{a().start()}),200);return()=>window.clearTimeout(e)}},onRouteDidUpdate(){a().done()}}},3310:(e,t,n)=>{"use strict";n.r(t);var r=n(7410),a=n(6809);!function(e){const{themeConfig:{prism:t}}=a.Z,{additionalLanguages:r}=t;globalThis.Prism=e,r.forEach((e=>{n(6726)(`./prism-${e}`)})),delete globalThis.Prism}(r.Z)},9471:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294);const a="iconExternalLink_nPIU";function o(e){let{width:t=13.5,height:n=13.5}=e;return r.createElement("svg",{width:t,height:n,"aria-hidden":"true",viewBox:"0 0 24 24",className:a},r.createElement("path",{fill:"currentColor",d:"M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"}))}},4774:(e,t,n)=>{"use strict";n.d(t,{Z:()=>Tt});var r=n(7294),a=n(6010),o=n(4763),i=n(833),l=n(7462),s=n(6550),c=n(5999),u=n(5936);const d="docusaurus_skipToContent_fallback";function f(e){e.setAttribute("tabindex","-1"),e.focus(),e.removeAttribute("tabindex")}function p(){const e=(0,r.useRef)(null),{action:t}=(0,s.k6)(),n=(0,r.useCallback)((e=>{e.preventDefault();const t=document.querySelector("main:first-of-type")??document.getElementById(d);t&&f(t)}),[]);return(0,u.S)((n=>{let{location:r}=n;e.current&&!r.hash&&"PUSH"===t&&f(e.current)})),{containerRef:e,onClick:n}}const m=(0,c.I)({id:"theme.common.skipToMainContent",description:"The skip to content label used for accessibility, allowing to rapidly navigate to main content with keyboard tab/enter navigation",message:"Skip to main content"});function h(e){const t=e.children??m,{containerRef:n,onClick:a}=p();return r.createElement("div",{ref:n,role:"region","aria-label":m},r.createElement("a",(0,l.Z)({},e,{href:`#${d}`,onClick:a}),t))}var g=n(5281),b=n(9727);const v="skipToContent_fXgn";function y(){return r.createElement(h,{className:v})}var w=n(6668),k=n(9689);function E(e){let{width:t=21,height:n=21,color:a="currentColor",strokeWidth:o=1.2,className:i,...s}=e;return r.createElement("svg",(0,l.Z)({viewBox:"0 0 15 15",width:t,height:n},s),r.createElement("g",{stroke:a,strokeWidth:o},r.createElement("path",{d:"M.75.75l13.5 13.5M14.25.75L.75 14.25"})))}const _="closeButton_CVFx";function S(e){return r.createElement("button",(0,l.Z)({type:"button","aria-label":(0,c.I)({id:"theme.AnnouncementBar.closeButtonAriaLabel",message:"Close",description:"The ARIA label for close button of announcement bar"})},e,{className:(0,a.Z)("clean-btn close",_,e.className)}),r.createElement(E,{width:14,height:14,strokeWidth:3.1}))}const x="content_knG7";function C(e){const{announcementBar:t}=(0,w.L)(),{content:n}=t;return r.createElement("div",(0,l.Z)({},e,{className:(0,a.Z)(x,e.className),dangerouslySetInnerHTML:{__html:n}}))}const T="announcementBar_mb4j",A="announcementBarPlaceholder_vyr4",L="announcementBarClose_gvF7",R="announcementBarContent_xLdY";function P(){const{announcementBar:e}=(0,w.L)(),{isActive:t,close:n}=(0,k.nT)();if(!t)return null;const{backgroundColor:a,textColor:o,isCloseable:i}=e;return r.createElement("div",{className:T,style:{backgroundColor:a,color:o},role:"banner"},i&&r.createElement("div",{className:A}),r.createElement(C,{className:R}),i&&r.createElement(S,{onClick:n,className:L}))}var N=n(3163),O=n(2466);var I=n(902),D=n(3102);const M=r.createContext(null);function F(e){let{children:t}=e;const n=function(){const e=(0,N.e)(),t=(0,D.HY)(),[n,a]=(0,r.useState)(!1),o=null!==t.component,i=(0,I.D9)(o);return(0,r.useEffect)((()=>{o&&!i&&a(!0)}),[o,i]),(0,r.useEffect)((()=>{o?e.shown||a(!0):a(!1)}),[e.shown,o]),(0,r.useMemo)((()=>[n,a]),[n])}();return r.createElement(M.Provider,{value:n},t)}function B(e){if(e.component){const t=e.component;return r.createElement(t,e.props)}}function j(){const e=(0,r.useContext)(M);if(!e)throw new I.i6("NavbarSecondaryMenuDisplayProvider");const[t,n]=e,a=(0,r.useCallback)((()=>n(!1)),[n]),o=(0,D.HY)();return(0,r.useMemo)((()=>({shown:t,hide:a,content:B(o)})),[a,o,t])}function z(e){let{header:t,primaryMenu:n,secondaryMenu:o}=e;const{shown:i}=j();return r.createElement("div",{className:"navbar-sidebar"},t,r.createElement("div",{className:(0,a.Z)("navbar-sidebar__items",{"navbar-sidebar__items--show-secondary":i})},r.createElement("div",{className:"navbar-sidebar__item menu"},n),r.createElement("div",{className:"navbar-sidebar__item menu"},o)))}var U=n(2949),$=n(2389);function q(e){return r.createElement("svg",(0,l.Z)({viewBox:"0 0 24 24",width:24,height:24},e),r.createElement("path",{fill:"currentColor",d:"M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"}))}function H(e){return r.createElement("svg",(0,l.Z)({viewBox:"0 0 24 24",width:24,height:24},e),r.createElement("path",{fill:"currentColor",d:"M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"}))}const G={toggle:"toggle_vylO",toggleButton:"toggleButton_gllP",darkToggleIcon:"darkToggleIcon_wfgR",lightToggleIcon:"lightToggleIcon_pyhR",toggleButtonDisabled:"toggleButtonDisabled_aARS"};function Z(e){let{className:t,value:n,onChange:o}=e;const i=(0,$.Z)(),l=(0,c.I)({message:"Switch between dark and light mode (currently {mode})",id:"theme.colorToggle.ariaLabel",description:"The ARIA label for the navbar color mode toggle"},{mode:"dark"===n?(0,c.I)({message:"dark mode",id:"theme.colorToggle.ariaLabel.mode.dark",description:"The name for the dark color mode"}):(0,c.I)({message:"light mode",id:"theme.colorToggle.ariaLabel.mode.light",description:"The name for the light color mode"})});return r.createElement("div",{className:(0,a.Z)(G.toggle,t)},r.createElement("button",{className:(0,a.Z)("clean-btn",G.toggleButton,!i&&G.toggleButtonDisabled),type:"button",onClick:()=>o("dark"===n?"light":"dark"),disabled:!i,title:l,"aria-label":l,"aria-live":"polite"},r.createElement(q,{className:(0,a.Z)(G.toggleIcon,G.lightToggleIcon)}),r.createElement(H,{className:(0,a.Z)(G.toggleIcon,G.darkToggleIcon)})))}const V=r.memo(Z);function W(e){let{className:t}=e;const n=(0,w.L)().colorMode.disableSwitch,{colorMode:a,setColorMode:o}=(0,U.I)();return n?null:r.createElement(V,{className:t,value:a,onChange:o})}var K=n(1327);function Y(){return r.createElement(K.Z,{className:"navbar__brand",imageClassName:"navbar__logo",titleClassName:"navbar__title text--truncate"})}function Q(){const e=(0,N.e)();return r.createElement("button",{type:"button","aria-label":(0,c.I)({id:"theme.docs.sidebar.closeSidebarButtonAriaLabel",message:"Close navigation bar",description:"The ARIA label for close button of mobile sidebar"}),className:"clean-btn navbar-sidebar__close",onClick:()=>e.toggle()},r.createElement(E,{color:"var(--ifm-color-emphasis-600)"}))}function X(){return r.createElement("div",{className:"navbar-sidebar__brand"},r.createElement(Y,null),r.createElement(W,{className:"margin-right--md"}),r.createElement(Q,null))}var J=n(9960),ee=n(4996),te=n(3919),ne=n(8022),re=n(9471);function ae(e){let{activeBasePath:t,activeBaseRegex:n,to:a,href:o,label:i,html:s,isDropdownLink:c,prependBaseUrlToHref:u,...d}=e;const f=(0,ee.Z)(a),p=(0,ee.Z)(t),m=(0,ee.Z)(o,{forcePrependBaseUrl:!0}),h=i&&o&&!(0,te.Z)(o),g=s?{dangerouslySetInnerHTML:{__html:s}}:{children:r.createElement(r.Fragment,null,i,h&&r.createElement(re.Z,c&&{width:12,height:12}))};return o?r.createElement(J.Z,(0,l.Z)({href:u?m:o},d,g)):r.createElement(J.Z,(0,l.Z)({to:f,isNavLink:!0},(t||n)&&{isActive:(e,t)=>n?(0,ne.F)(n,t.pathname):t.pathname.startsWith(p)},d,g))}function oe(e){let{className:t,isDropdownItem:n=!1,...o}=e;const i=r.createElement(ae,(0,l.Z)({className:(0,a.Z)(n?"dropdown__link":"navbar__item navbar__link",t),isDropdownLink:n},o));return n?r.createElement("li",null,i):i}function ie(e){let{className:t,isDropdownItem:n,...o}=e;return r.createElement("li",{className:"menu__list-item"},r.createElement(ae,(0,l.Z)({className:(0,a.Z)("menu__link",t)},o)))}function le(e){let{mobile:t=!1,position:n,...a}=e;const o=t?ie:oe;return r.createElement(o,(0,l.Z)({},a,{activeClassName:a.activeClassName??(t?"menu__link--active":"navbar__link--active")}))}var se=n(6043),ce=n(8596),ue=n(2263);function de(e,t){return e.some((e=>function(e,t){return!!(0,ce.Mg)(e.to,t)||!!(0,ne.F)(e.activeBaseRegex,t)||!(!e.activeBasePath||!t.startsWith(e.activeBasePath))}(e,t)))}function fe(e){let{items:t,position:n,className:o,onClick:i,...s}=e;const c=(0,r.useRef)(null),[u,d]=(0,r.useState)(!1);return(0,r.useEffect)((()=>{const e=e=>{c.current&&!c.current.contains(e.target)&&d(!1)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[c]),r.createElement("div",{ref:c,className:(0,a.Z)("navbar__item","dropdown","dropdown--hoverable",{"dropdown--right":"right"===n,"dropdown--show":u})},r.createElement(ae,(0,l.Z)({"aria-haspopup":"true","aria-expanded":u,role:"button",href:s.to?void 0:"#",className:(0,a.Z)("navbar__link",o)},s,{onClick:s.to?void 0:e=>e.preventDefault(),onKeyDown:e=>{"Enter"===e.key&&(e.preventDefault(),d(!u))}}),s.children??s.label),r.createElement("ul",{className:"dropdown__menu"},t.map(((e,n)=>r.createElement(Ge,(0,l.Z)({isDropdownItem:!0,onKeyDown:e=>{if(n===t.length-1&&"Tab"===e.key){e.preventDefault(),d(!1);const t=c.current.nextElementSibling;if(t){(t instanceof HTMLAnchorElement?t:t.querySelector("a")).focus()}}},activeClassName:"dropdown__link--active"},e,{key:n}))))))}function pe(e){let{items:t,className:n,position:o,onClick:i,...c}=e;const u=function(){const{siteConfig:{baseUrl:e}}=(0,ue.Z)(),{pathname:t}=(0,s.TH)();return t.replace(e,"/")}(),d=de(t,u),{collapsed:f,toggleCollapsed:p,setCollapsed:m}=(0,se.u)({initialState:()=>!d});return(0,r.useEffect)((()=>{d&&m(!d)}),[u,d,m]),r.createElement("li",{className:(0,a.Z)("menu__list-item",{"menu__list-item--collapsed":f})},r.createElement(ae,(0,l.Z)({role:"button",className:(0,a.Z)("menu__link menu__link--sublist menu__link--sublist-caret",n)},c,{onClick:e=>{e.preventDefault(),p()}}),c.children??c.label),r.createElement(se.z,{lazy:!0,as:"ul",className:"menu__list",collapsed:f},t.map(((e,t)=>r.createElement(Ge,(0,l.Z)({mobile:!0,isDropdownItem:!0,onClick:i,activeClassName:"menu__link--active"},e,{key:t}))))))}function me(e){let{mobile:t=!1,...n}=e;const a=t?pe:fe;return r.createElement(a,n)}var he=n(4711);function ge(e){let{width:t=20,height:n=20,...a}=e;return r.createElement("svg",(0,l.Z)({viewBox:"0 0 24 24",width:t,height:n,"aria-hidden":!0},a),r.createElement("path",{fill:"currentColor",d:"M12.87 15.07l-2.54-2.51.03-.03c1.74-1.94 2.98-4.17 3.71-6.53H17V4h-7V2H8v2H1v1.99h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11.76-2.04zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2l-4.5-12zm-2.62 7l1.62-4.33L19.12 17h-3.24z"}))}const be="iconLanguage_nlXk";function ve(){return r.createElement("svg",{width:"15",height:"15",className:"DocSearch-Control-Key-Icon"},r.createElement("path",{d:"M4.505 4.496h2M5.505 5.496v5M8.216 4.496l.055 5.993M10 7.5c.333.333.5.667.5 1v2M12.326 4.5v5.996M8.384 4.496c1.674 0 2.116 0 2.116 1.5s-.442 1.5-2.116 1.5M3.205 9.303c-.09.448-.277 1.21-1.241 1.203C1 10.5.5 9.513.5 8V7c0-1.57.5-2.5 1.464-2.494.964.006 1.134.598 1.24 1.342M12.553 10.5h1.953",strokeWidth:"1.2",stroke:"currentColor",fill:"none",strokeLinecap:"square"}))}var ye=n(830),we=["translations"];function ke(){return ke=Object.assign||function(e){for(var t=1;te.length)&&(t=e.length);for(var n=0,r=new Array(t);n=0||(a[n]=e[n]);return a}(e,t);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);for(r=0;r=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(a[n]=e[n])}return a}var xe="Ctrl";var Ce=r.forwardRef((function(e,t){var n=e.translations,a=void 0===n?{}:n,o=Se(e,we),i=a.buttonText,l=void 0===i?"Search":i,s=a.buttonAriaLabel,c=void 0===s?"Search":s,u=Ee((0,r.useState)(null),2),d=u[0],f=u[1];return(0,r.useEffect)((function(){"undefined"!=typeof navigator&&(/(Mac|iPhone|iPod|iPad)/i.test(navigator.platform)?f("\u2318"):f(xe))}),[]),r.createElement("button",ke({type:"button",className:"DocSearch DocSearch-Button","aria-label":c},o,{ref:t}),r.createElement("span",{className:"DocSearch-Button-Container"},r.createElement(ye.W,null),r.createElement("span",{className:"DocSearch-Button-Placeholder"},l)),r.createElement("span",{className:"DocSearch-Button-Keys"},null!==d&&r.createElement(r.Fragment,null,r.createElement("kbd",{className:"DocSearch-Button-Key"},d===xe?r.createElement(ve,null):d),r.createElement("kbd",{className:"DocSearch-Button-Key"},"K"))))})),Te=n(5742),Ae=n(6177),Le=n(239),Re=n(3320);var Pe=n(3935);const Ne={button:{buttonText:(0,c.I)({id:"theme.SearchBar.label",message:"Search",description:"The ARIA label and placeholder for search button"}),buttonAriaLabel:(0,c.I)({id:"theme.SearchBar.label",message:"Search",description:"The ARIA label and placeholder for search button"})},modal:{searchBox:{resetButtonTitle:(0,c.I)({id:"theme.SearchModal.searchBox.resetButtonTitle",message:"Clear the query",description:"The label and ARIA label for search box reset button"}),resetButtonAriaLabel:(0,c.I)({id:"theme.SearchModal.searchBox.resetButtonTitle",message:"Clear the query",description:"The label and ARIA label for search box reset button"}),cancelButtonText:(0,c.I)({id:"theme.SearchModal.searchBox.cancelButtonText",message:"Cancel",description:"The label and ARIA label for search box cancel button"}),cancelButtonAriaLabel:(0,c.I)({id:"theme.SearchModal.searchBox.cancelButtonText",message:"Cancel",description:"The label and ARIA label for search box cancel button"})},startScreen:{recentSearchesTitle:(0,c.I)({id:"theme.SearchModal.startScreen.recentSearchesTitle",message:"Recent",description:"The title for recent searches"}),noRecentSearchesText:(0,c.I)({id:"theme.SearchModal.startScreen.noRecentSearchesText",message:"No recent searches",description:"The text when no recent searches"}),saveRecentSearchButtonTitle:(0,c.I)({id:"theme.SearchModal.startScreen.saveRecentSearchButtonTitle",message:"Save this search",description:"The label for save recent search button"}),removeRecentSearchButtonTitle:(0,c.I)({id:"theme.SearchModal.startScreen.removeRecentSearchButtonTitle",message:"Remove this search from history",description:"The label for remove recent search button"}),favoriteSearchesTitle:(0,c.I)({id:"theme.SearchModal.startScreen.favoriteSearchesTitle",message:"Favorite",description:"The title for favorite searches"}),removeFavoriteSearchButtonTitle:(0,c.I)({id:"theme.SearchModal.startScreen.removeFavoriteSearchButtonTitle",message:"Remove this search from favorites",description:"The label for remove favorite search button"})},errorScreen:{titleText:(0,c.I)({id:"theme.SearchModal.errorScreen.titleText",message:"Unable to fetch results",description:"The title for error screen of search modal"}),helpText:(0,c.I)({id:"theme.SearchModal.errorScreen.helpText",message:"You might want to check your network connection.",description:"The help text for error screen of search modal"})},footer:{selectText:(0,c.I)({id:"theme.SearchModal.footer.selectText",message:"to select",description:"The explanatory text of the action for the enter key"}),selectKeyAriaLabel:(0,c.I)({id:"theme.SearchModal.footer.selectKeyAriaLabel",message:"Enter key",description:"The ARIA label for the Enter key button that makes the selection"}),navigateText:(0,c.I)({id:"theme.SearchModal.footer.navigateText",message:"to navigate",description:"The explanatory text of the action for the Arrow up and Arrow down key"}),navigateUpKeyAriaLabel:(0,c.I)({id:"theme.SearchModal.footer.navigateUpKeyAriaLabel",message:"Arrow up",description:"The ARIA label for the Arrow up key button that makes the navigation"}),navigateDownKeyAriaLabel:(0,c.I)({id:"theme.SearchModal.footer.navigateDownKeyAriaLabel",message:"Arrow down",description:"The ARIA label for the Arrow down key button that makes the navigation"}),closeText:(0,c.I)({id:"theme.SearchModal.footer.closeText",message:"to close",description:"The explanatory text of the action for Escape key"}),closeKeyAriaLabel:(0,c.I)({id:"theme.SearchModal.footer.closeKeyAriaLabel",message:"Escape key",description:"The ARIA label for the Escape key button that close the modal"}),searchByText:(0,c.I)({id:"theme.SearchModal.footer.searchByText",message:"Search by",description:"The text explain that the search is making by Algolia"})},noResultsScreen:{noResultsText:(0,c.I)({id:"theme.SearchModal.noResultsScreen.noResultsText",message:"No results for",description:"The text explains that there are no results for the following search"}),suggestedQueryText:(0,c.I)({id:"theme.SearchModal.noResultsScreen.suggestedQueryText",message:"Try searching for",description:"The text for the suggested query when no results are found for the following search"}),reportMissingResultsText:(0,c.I)({id:"theme.SearchModal.noResultsScreen.reportMissingResultsText",message:"Believe this query should return results?",description:"The text for the question where the user thinks there are missing results"}),reportMissingResultsLinkText:(0,c.I)({id:"theme.SearchModal.noResultsScreen.reportMissingResultsLinkText",message:"Let us know.",description:"The text for the link to report missing results"})}},placeholder:(0,c.I)({id:"theme.SearchModal.placeholder",message:"Search docs",description:"The placeholder of the input of the DocSearch pop-up modal"})};let Oe=null;function Ie(e){let{hit:t,children:n}=e;return r.createElement(J.Z,{to:t.url},n)}function De(e){let{state:t,onClose:n}=e;const{generateSearchPageLink:a}=(0,Ae.O)();return r.createElement(J.Z,{to:a(t.query),onClick:n},r.createElement(c.Z,{id:"theme.SearchBar.seeAll",values:{count:t.context.nbHits}},"See all {count} results"))}function Me(e){var t;let{contextualSearch:a,externalUrlRegex:o,...i}=e;const{siteMetadata:c}=(0,ue.Z)(),u=(0,Le.l)(),d=function(){const{locale:e,tags:t}=(0,Re._q)();return[`language:${e}`,t.map((e=>`docusaurus_tag:${e}`))]}(),f=(null==(t=i.searchParameters)?void 0:t.facetFilters)??[],p=a?function(e,t){const n=e=>"string"==typeof e?[e]:e;return[...n(e),...n(t)]}(d,f):f,m={...i.searchParameters,facetFilters:p},h=(0,s.k6)(),g=(0,r.useRef)(null),b=(0,r.useRef)(null),[v,y]=(0,r.useState)(!1),[w,k]=(0,r.useState)(void 0),E=(0,r.useCallback)((()=>Oe?Promise.resolve():Promise.all([n.e(6780).then(n.bind(n,6780)),Promise.all([n.e(532),n.e(6945)]).then(n.bind(n,6945)),Promise.all([n.e(532),n.e(8894)]).then(n.bind(n,8894))]).then((e=>{let[{DocSearchModal:t}]=e;Oe=t}))),[]),_=(0,r.useCallback)((()=>{E().then((()=>{g.current=document.createElement("div"),document.body.insertBefore(g.current,document.body.firstChild),y(!0)}))}),[E,y]),S=(0,r.useCallback)((()=>{var e;y(!1),null==(e=g.current)||e.remove()}),[y]),x=(0,r.useCallback)((e=>{E().then((()=>{y(!0),k(e.key)}))}),[E,y,k]),C=(0,r.useRef)({navigate(e){let{itemUrl:t}=e;(0,ne.F)(o,t)?window.location.href=t:h.push(t)}}).current,T=(0,r.useRef)((e=>i.transformItems?i.transformItems(e):e.map((e=>({...e,url:u(e.url)}))))).current,A=(0,r.useMemo)((()=>e=>r.createElement(De,(0,l.Z)({},e,{onClose:S}))),[S]),L=(0,r.useCallback)((e=>(e.addAlgoliaAgent("docusaurus",c.docusaurusVersion),e)),[c.docusaurusVersion]);return function(e){var t=e.isOpen,n=e.onOpen,a=e.onClose,o=e.onInput,i=e.searchButtonRef;r.useEffect((function(){function e(e){(27===e.keyCode&&t||"k"===e.key.toLowerCase()&&(e.metaKey||e.ctrlKey)||!function(e){var t=e.target,n=t.tagName;return t.isContentEditable||"INPUT"===n||"SELECT"===n||"TEXTAREA"===n}(e)&&"/"===e.key&&!t)&&(e.preventDefault(),t?a():document.body.classList.contains("DocSearch--active")||document.body.classList.contains("DocSearch--active")||n()),i&&i.current===document.activeElement&&o&&/[a-zA-Z0-9]/.test(String.fromCharCode(e.keyCode))&&o(e)}return window.addEventListener("keydown",e),function(){window.removeEventListener("keydown",e)}}),[t,n,a,o,i])}({isOpen:v,onOpen:_,onClose:S,onInput:x,searchButtonRef:b}),r.createElement(r.Fragment,null,r.createElement(Te.Z,null,r.createElement("link",{rel:"preconnect",href:`https://${i.appId}-dsn.algolia.net`,crossOrigin:"anonymous"})),r.createElement(Ce,{onTouchStart:E,onFocus:E,onMouseOver:E,onClick:_,ref:b,translations:Ne.button}),v&&Oe&&g.current&&(0,Pe.createPortal)(r.createElement(Oe,(0,l.Z)({onClose:S,initialScrollY:window.scrollY,initialQuery:w,navigator:C,transformItems:T,hitComponent:Ie,transformSearchClient:L},i.searchPagePath&&{resultsFooterComponent:A},i,{searchParameters:m,placeholder:Ne.placeholder,translations:Ne.modal})),g.current))}function Fe(){const{siteConfig:e}=(0,ue.Z)();return r.createElement(Me,e.themeConfig.algolia)}const Be="searchBox_ZlJk";function je(e){let{children:t,className:n}=e;return r.createElement("div",{className:(0,a.Z)(n,Be)},t)}var ze=n(143),Ue=n(3438);var $e=n(373);const qe=e=>e.docs.find((t=>t.id===e.mainDocId));const He={default:le,localeDropdown:function(e){let{mobile:t,dropdownItemsBefore:n,dropdownItemsAfter:a,...o}=e;const{i18n:{currentLocale:i,locales:u,localeConfigs:d}}=(0,ue.Z)(),f=(0,he.l)(),{search:p,hash:m}=(0,s.TH)(),h=[...n,...u.map((e=>{const n=`${`pathname://${f.createUrl({locale:e,fullyQualified:!1})}`}${p}${m}`;return{label:d[e].label,lang:d[e].htmlLang,to:n,target:"_self",autoAddBaseUrl:!1,className:e===i?t?"menu__link--active":"dropdown__link--active":""}})),...a],g=t?(0,c.I)({message:"Languages",id:"theme.navbar.mobileLanguageDropdown.label",description:"The label for the mobile language switcher dropdown"}):d[i].label;return r.createElement(me,(0,l.Z)({},o,{mobile:t,label:r.createElement(r.Fragment,null,r.createElement(ge,{className:be}),g),items:h}))},search:function(e){let{mobile:t,className:n}=e;return t?null:r.createElement(je,{className:n},r.createElement(Fe,null))},dropdown:me,html:function(e){let{value:t,className:n,mobile:o=!1,isDropdownItem:i=!1}=e;const l=i?"li":"div";return r.createElement(l,{className:(0,a.Z)({navbar__item:!o&&!i,"menu__list-item":o},n),dangerouslySetInnerHTML:{__html:t}})},doc:function(e){let{docId:t,label:n,docsPluginId:a,...o}=e;const{activeDoc:i}=(0,ze.Iw)(a),s=(0,Ue.vY)(t,a);return null===s?null:r.createElement(le,(0,l.Z)({exact:!0},o,{isActive:()=>(null==i?void 0:i.path)===s.path||!(null==i||!i.sidebar)&&i.sidebar===s.sidebar,label:n??s.id,to:s.path}))},docSidebar:function(e){let{sidebarId:t,label:n,docsPluginId:a,...o}=e;const{activeDoc:i}=(0,ze.Iw)(a),s=(0,Ue.oz)(t,a).link;if(!s)throw new Error(`DocSidebarNavbarItem: Sidebar with ID "${t}" doesn't have anything to be linked to.`);return r.createElement(le,(0,l.Z)({exact:!0},o,{isActive:()=>(null==i?void 0:i.sidebar)===t,label:n??s.label,to:s.path}))},docsVersion:function(e){let{label:t,to:n,docsPluginId:a,...o}=e;const i=(0,Ue.lO)(a)[0],s=t??i.label,c=n??(e=>e.docs.find((t=>t.id===e.mainDocId)))(i).path;return r.createElement(le,(0,l.Z)({},o,{label:s,to:c}))},docsVersionDropdown:function(e){let{mobile:t,docsPluginId:n,dropdownActiveClassDisabled:a,dropdownItemsBefore:o,dropdownItemsAfter:i,...u}=e;const{search:d,hash:f}=(0,s.TH)(),p=(0,ze.Iw)(n),m=(0,ze.gB)(n),{savePreferredVersionName:h}=(0,$e.J)(n),g=[...o,...m.map((e=>{const t=p.alternateDocVersions[e.name]??qe(e);return{label:e.label,to:`${t.path}${d}${f}`,isActive:()=>e===p.activeVersion,onClick:()=>h(e.name)}})),...i],b=(0,Ue.lO)(n)[0],v=t&&g.length>1?(0,c.I)({id:"theme.navbar.mobileVersionsDropdown.label",message:"Versions",description:"The label for the navbar versions dropdown on mobile view"}):b.label,y=t&&g.length>1?void 0:qe(b).path;return g.length<=1?r.createElement(le,(0,l.Z)({},u,{mobile:t,label:v,to:y,isActive:a?()=>!1:void 0})):r.createElement(me,(0,l.Z)({},u,{mobile:t,label:v,to:y,items:g,isActive:a?()=>!1:void 0}))}};function Ge(e){let{type:t,...n}=e;const a=function(e,t){return e&&"default"!==e?e:"items"in t?"dropdown":"default"}(t,n),o=He[a];if(!o)throw new Error(`No NavbarItem component found for type "${t}".`);return r.createElement(o,n)}function Ze(){const e=(0,N.e)(),t=(0,w.L)().navbar.items;return r.createElement("ul",{className:"menu__list"},t.map(((t,n)=>r.createElement(Ge,(0,l.Z)({mobile:!0},t,{onClick:()=>e.toggle(),key:n})))))}function Ve(e){return r.createElement("button",(0,l.Z)({},e,{type:"button",className:"clean-btn navbar-sidebar__back"}),r.createElement(c.Z,{id:"theme.navbar.mobileSidebarSecondaryMenu.backButtonLabel",description:"The label of the back button to return to main menu, inside the mobile navbar sidebar secondary menu (notably used to display the docs sidebar)"},"\u2190 Back to main menu"))}function We(){const e=0===(0,w.L)().navbar.items.length,t=j();return r.createElement(r.Fragment,null,!e&&r.createElement(Ve,{onClick:()=>t.hide()}),t.content)}function Ke(){const e=(0,N.e)();var t;return void 0===(t=e.shown)&&(t=!0),(0,r.useEffect)((()=>(document.body.style.overflow=t?"hidden":"visible",()=>{document.body.style.overflow="visible"})),[t]),e.shouldRender?r.createElement(z,{header:r.createElement(X,null),primaryMenu:r.createElement(Ze,null),secondaryMenu:r.createElement(We,null)}):null}const Ye="navbarHideable_m1mJ",Qe="navbarHidden_jGov";function Xe(e){return r.createElement("div",(0,l.Z)({role:"presentation"},e,{className:(0,a.Z)("navbar-sidebar__backdrop",e.className)}))}function Je(e){let{children:t}=e;const{navbar:{hideOnScroll:n,style:o}}=(0,w.L)(),i=(0,N.e)(),{navbarRef:l,isNavbarVisible:s}=function(e){const[t,n]=(0,r.useState)(e),a=(0,r.useRef)(!1),o=(0,r.useRef)(0),i=(0,r.useCallback)((e=>{null!==e&&(o.current=e.getBoundingClientRect().height)}),[]);return(0,O.RF)(((t,r)=>{let{scrollY:i}=t;if(!e)return;if(i=l?n(!1):i+c{if(!e)return;const r=t.location.hash;if(r?document.getElementById(r.substring(1)):void 0)return a.current=!0,void n(!1);n(!0)})),{navbarRef:i,isNavbarVisible:t}}(n);return r.createElement("nav",{ref:l,"aria-label":(0,c.I)({id:"theme.NavBar.navAriaLabel",message:"Main",description:"The ARIA label for the main navigation"}),className:(0,a.Z)("navbar","navbar--fixed-top",n&&[Ye,!s&&Qe],{"navbar--dark":"dark"===o,"navbar--primary":"primary"===o,"navbar-sidebar--show":i.shown})},t,r.createElement(Xe,{onClick:i.toggle}),r.createElement(Ke,null))}function et(e){let{width:t=30,height:n=30,className:a,...o}=e;return r.createElement("svg",(0,l.Z)({className:a,width:t,height:n,viewBox:"0 0 30 30","aria-hidden":"true"},o),r.createElement("path",{stroke:"currentColor",strokeLinecap:"round",strokeMiterlimit:"10",strokeWidth:"2",d:"M4 7h22M4 15h22M4 23h22"}))}function tt(){const{toggle:e,shown:t}=(0,N.e)();return r.createElement("button",{onClick:e,"aria-label":(0,c.I)({id:"theme.docs.sidebar.toggleSidebarButtonAriaLabel",message:"Toggle navigation bar",description:"The ARIA label for hamburger menu button of mobile navigation"}),"aria-expanded":t,className:"navbar__toggle clean-btn",type:"button"},r.createElement(et,null))}const nt="colorModeToggle_DEke";function rt(e){let{items:t}=e;return r.createElement(r.Fragment,null,t.map(((e,t)=>r.createElement(Ge,(0,l.Z)({},e,{key:t})))))}function at(e){let{left:t,right:n}=e;return r.createElement("div",{className:"navbar__inner"},r.createElement("div",{className:"navbar__items"},t),r.createElement("div",{className:"navbar__items navbar__items--right"},n))}function ot(){const e=(0,N.e)(),t=(0,w.L)().navbar.items,[n,a]=function(e){function t(e){return"left"===(e.position??"right")}return[e.filter(t),e.filter((e=>!t(e)))]}(t),o=t.find((e=>"search"===e.type));return r.createElement(at,{left:r.createElement(r.Fragment,null,!e.disabled&&r.createElement(tt,null),r.createElement(Y,null),r.createElement(rt,{items:n})),right:r.createElement(r.Fragment,null,r.createElement(rt,{items:a}),r.createElement(W,{className:nt}),!o&&r.createElement(je,null,r.createElement(Fe,null)))})}function it(){return r.createElement(Je,null,r.createElement(ot,null))}function lt(e){let{item:t}=e;const{to:n,href:a,label:o,prependBaseUrlToHref:i,...s}=t,c=(0,ee.Z)(n),u=(0,ee.Z)(a,{forcePrependBaseUrl:!0});return r.createElement(J.Z,(0,l.Z)({className:"footer__link-item"},a?{href:i?u:a}:{to:c},s),o,a&&!(0,te.Z)(a)&&r.createElement(re.Z,null))}function st(e){let{item:t}=e;return t.html?r.createElement("li",{className:"footer__item",dangerouslySetInnerHTML:{__html:t.html}}):r.createElement("li",{key:t.href??t.to,className:"footer__item"},r.createElement(lt,{item:t}))}function ct(e){let{column:t}=e;return r.createElement("div",{className:"col footer__col"},r.createElement("div",{className:"footer__title"},t.title),r.createElement("ul",{className:"footer__items clean-list"},t.items.map(((e,t)=>r.createElement(st,{key:t,item:e})))))}function ut(e){let{columns:t}=e;return r.createElement("div",{className:"row footer__links"},t.map(((e,t)=>r.createElement(ct,{key:t,column:e}))))}function dt(){return r.createElement("span",{className:"footer__link-separator"},"\xb7")}function ft(e){let{item:t}=e;return t.html?r.createElement("span",{className:"footer__link-item",dangerouslySetInnerHTML:{__html:t.html}}):r.createElement(lt,{item:t})}function pt(e){let{links:t}=e;return r.createElement("div",{className:"footer__links text--center"},r.createElement("div",{className:"footer__links"},t.map(((e,n)=>r.createElement(r.Fragment,{key:n},r.createElement(ft,{item:e}),t.length!==n+1&&r.createElement(dt,null))))))}function mt(e){let{links:t}=e;return function(e){return"title"in e[0]}(t)?r.createElement(ut,{columns:t}):r.createElement(pt,{links:t})}var ht=n(941);const gt="footerLogoLink_BH7S";function bt(e){let{logo:t}=e;const{withBaseUrl:n}=(0,ee.C)(),o={light:n(t.src),dark:n(t.srcDark??t.src)};return r.createElement(ht.Z,{className:(0,a.Z)("footer__logo",t.className),alt:t.alt,sources:o,width:t.width,height:t.height,style:t.style})}function vt(e){let{logo:t}=e;return t.href?r.createElement(J.Z,{href:t.href,className:gt,target:t.target},r.createElement(bt,{logo:t})):r.createElement(bt,{logo:t})}function yt(e){let{copyright:t}=e;return r.createElement("div",{className:"footer__copyright",dangerouslySetInnerHTML:{__html:t}})}function wt(e){let{style:t,links:n,logo:o,copyright:i}=e;return r.createElement("footer",{className:(0,a.Z)("footer",{"footer--dark":"dark"===t})},r.createElement("div",{className:"container container-fluid"},n,(o||i)&&r.createElement("div",{className:"footer__bottom text--center"},o&&r.createElement("div",{className:"margin-bottom--sm"},o),i)))}function kt(){const{footer:e}=(0,w.L)();if(!e)return null;const{copyright:t,links:n,logo:a,style:o}=e;return r.createElement(wt,{style:o,links:n&&n.length>0&&r.createElement(mt,{links:n}),logo:a&&r.createElement(vt,{logo:a}),copyright:t&&r.createElement(yt,{copyright:t})})}const Et=r.memo(kt),_t=(0,I.Qc)([U.S,k.pl,O.OC,$e.L5,i.VC,function(e){let{children:t}=e;return r.createElement(D.n2,null,r.createElement(N.M,null,r.createElement(F,null,t)))}]);function St(e){let{children:t}=e;return r.createElement(_t,null,t)}function xt(e){let{error:t,tryAgain:n}=e;return r.createElement("main",{className:"container margin-vert--xl"},r.createElement("div",{className:"row"},r.createElement("div",{className:"col col--6 col--offset-3"},r.createElement("h1",{className:"hero__title"},r.createElement(c.Z,{id:"theme.ErrorPageContent.title",description:"The title of the fallback page when the page crashed"},"This page crashed.")),r.createElement("p",null,t.message),r.createElement("div",null,r.createElement("button",{type:"button",onClick:n},r.createElement(c.Z,{id:"theme.ErrorPageContent.tryAgain",description:"The label of the button to try again when the page crashed"},"Try again"))))))}const Ct="mainWrapper_z2l0";function Tt(e){const{children:t,noFooter:n,wrapperClassName:l,title:s,description:c}=e;return(0,b.t)(),r.createElement(St,null,r.createElement(i.d,{title:s,description:c}),r.createElement(y,null),r.createElement(P,null),r.createElement(it,null),r.createElement("div",{id:d,className:(0,a.Z)(g.k.wrapper.main,Ct,l)},r.createElement(o.Z,{fallback:e=>r.createElement(xt,e)},t)),!n&&r.createElement(Et,null))}},1327:(e,t,n)=>{"use strict";n.d(t,{Z:()=>d});var r=n(7462),a=n(7294),o=n(9960),i=n(4996),l=n(2263),s=n(6668),c=n(941);function u(e){let{logo:t,alt:n,imageClassName:r}=e;const o={light:(0,i.Z)(t.src),dark:(0,i.Z)(t.srcDark||t.src)},l=a.createElement(c.Z,{className:t.className,sources:o,height:t.height,width:t.width,alt:n,style:t.style});return r?a.createElement("div",{className:r},l):l}function d(e){const{siteConfig:{title:t}}=(0,l.Z)(),{navbar:{title:n,logo:c}}=(0,s.L)(),{imageClassName:d,titleClassName:f,...p}=e,m=(0,i.Z)((null==c?void 0:c.href)||"/"),h=n?"":t,g=(null==c?void 0:c.alt)??h;return a.createElement(o.Z,(0,r.Z)({to:m},p,(null==c?void 0:c.target)&&{target:c.target}),c&&a.createElement(u,{logo:c,alt:g,imageClassName:d}),null!=n&&a.createElement("b",{className:f},n))}},197:(e,t,n)=>{"use strict";n.d(t,{Z:()=>o});var r=n(7294),a=n(5742);function o(e){let{locale:t,version:n,tag:o}=e;const i=t;return r.createElement(a.Z,null,t&&r.createElement("meta",{name:"docusaurus_locale",content:t}),n&&r.createElement("meta",{name:"docusaurus_version",content:n}),o&&r.createElement("meta",{name:"docusaurus_tag",content:o}),i&&r.createElement("meta",{name:"docsearch:language",content:i}),n&&r.createElement("meta",{name:"docsearch:version",content:n}),o&&r.createElement("meta",{name:"docsearch:docusaurus_tag",content:o}))}},941:(e,t,n)=>{"use strict";n.d(t,{Z:()=>c});var r=n(7462),a=n(7294),o=n(6010),i=n(2389),l=n(2949);const s={themedImage:"themedImage_ToTc","themedImage--light":"themedImage--light_HNdA","themedImage--dark":"themedImage--dark_i4oU"};function c(e){const t=(0,i.Z)(),{colorMode:n}=(0,l.I)(),{sources:c,className:u,alt:d,...f}=e,p=t?"dark"===n?["dark"]:["light"]:["light","dark"];return a.createElement(a.Fragment,null,p.map((e=>a.createElement("img",(0,r.Z)({key:e,src:c[e],alt:d,className:(0,o.Z)(s.themedImage,s[`themedImage--${e}`],u)},f)))))}},6043:(e,t,n)=>{"use strict";n.d(t,{u:()=>i,z:()=>m});var r=n(7462),a=n(7294),o=n(412);function i(e){let{initialState:t}=e;const[n,r]=(0,a.useState)(t??!1),o=(0,a.useCallback)((()=>{r((e=>!e))}),[]);return{collapsed:n,setCollapsed:r,toggleCollapsed:o}}const l={display:"none",overflow:"hidden",height:"0px"},s={display:"block",overflow:"visible",height:"auto"};function c(e,t){const n=t?l:s;e.style.display=n.display,e.style.overflow=n.overflow,e.style.height=n.height}function u(e){let{collapsibleRef:t,collapsed:n,animation:r}=e;const o=(0,a.useRef)(!1);(0,a.useEffect)((()=>{const e=t.current;function a(){const t=e.scrollHeight,n=(null==r?void 0:r.duration)??function(e){const t=e/36;return Math.round(10*(4+15*t**.25+t/5))}(t);return{transition:`height ${n}ms ${(null==r?void 0:r.easing)??"ease-in-out"}`,height:`${t}px`}}function i(){const t=a();e.style.transition=t.transition,e.style.height=t.height}if(!o.current)return c(e,n),void(o.current=!0);return e.style.willChange="height",function(){const t=requestAnimationFrame((()=>{n?(i(),requestAnimationFrame((()=>{e.style.height=l.height,e.style.overflow=l.overflow}))):(e.style.display="block",requestAnimationFrame((()=>{i()})))}));return()=>cancelAnimationFrame(t)}()}),[t,n,r])}function d(e){if(!o.Z.canUseDOM)return e?l:s}function f(e){let{as:t="div",collapsed:n,children:r,animation:o,onCollapseTransitionEnd:i,className:l,disableSSRStyle:s}=e;const f=(0,a.useRef)(null);return u({collapsibleRef:f,collapsed:n,animation:o}),a.createElement(t,{ref:f,style:s?void 0:d(n),onTransitionEnd:e=>{"height"===e.propertyName&&(c(f.current,n),null==i||i(n))},className:l},r)}function p(e){let{collapsed:t,...n}=e;const[o,i]=(0,a.useState)(!t),[l,s]=(0,a.useState)(t);return(0,a.useLayoutEffect)((()=>{t||i(!0)}),[t]),(0,a.useLayoutEffect)((()=>{o&&s(t)}),[o,t]),o?a.createElement(f,(0,r.Z)({},n,{collapsed:l})):null}function m(e){let{lazy:t,...n}=e;const r=t?p:f;return a.createElement(r,n)}},9689:(e,t,n)=>{"use strict";n.d(t,{nT:()=>m,pl:()=>p});var r=n(7294),a=n(2389),o=n(12),i=n(902),l=n(6668);const s=(0,o.WA)("docusaurus.announcement.dismiss"),c=(0,o.WA)("docusaurus.announcement.id"),u=()=>"true"===s.get(),d=e=>s.set(String(e)),f=r.createContext(null);function p(e){let{children:t}=e;const n=function(){const{announcementBar:e}=(0,l.L)(),t=(0,a.Z)(),[n,o]=(0,r.useState)((()=>!!t&&u()));(0,r.useEffect)((()=>{o(u())}),[]);const i=(0,r.useCallback)((()=>{d(!0),o(!0)}),[]);return(0,r.useEffect)((()=>{if(!e)return;const{id:t}=e;let n=c.get();"annoucement-bar"===n&&(n="announcement-bar");const r=t!==n;c.set(t),r&&d(!1),!r&&u()||o(!1)}),[e]),(0,r.useMemo)((()=>({isActive:!!e&&!n,close:i})),[e,n,i])}();return r.createElement(f.Provider,{value:n},t)}function m(){const e=(0,r.useContext)(f);if(!e)throw new i.i6("AnnouncementBarProvider");return e}},2949:(e,t,n)=>{"use strict";n.d(t,{I:()=>g,S:()=>h});var r=n(7294),a=n(412),o=n(902),i=n(12),l=n(6668);const s=r.createContext(void 0),c="theme",u=(0,i.WA)(c),d="light",f="dark",p=e=>e===f?f:d;function m(){const{colorMode:{defaultMode:e,disableSwitch:t,respectPrefersColorScheme:n}}=(0,l.L)(),[o,i]=(0,r.useState)((e=>a.Z.canUseDOM?p(document.documentElement.getAttribute("data-theme")):p(e))(e));(0,r.useEffect)((()=>{t&&u.del()}),[t]);const s=(0,r.useCallback)((function(t,r){void 0===r&&(r={});const{persist:a=!0}=r;t?(i(t),a&&(e=>{u.set(p(e))})(t)):(i(n?window.matchMedia("(prefers-color-scheme: dark)").matches?f:d:e),u.del())}),[n,e]);(0,r.useEffect)((()=>{document.documentElement.setAttribute("data-theme",p(o))}),[o]),(0,r.useEffect)((()=>{if(t)return;const e=e=>{if(e.key!==c)return;const t=u.get();null!==t&&s(p(t))};return window.addEventListener("storage",e),()=>window.removeEventListener("storage",e)}),[t,s]);const m=(0,r.useRef)(!1);return(0,r.useEffect)((()=>{if(t&&!n)return;const e=window.matchMedia("(prefers-color-scheme: dark)"),r=()=>{window.matchMedia("print").matches||m.current?m.current=window.matchMedia("print").matches:s(null)};return e.addListener(r),()=>e.removeListener(r)}),[s,t,n]),(0,r.useMemo)((()=>({colorMode:o,setColorMode:s,get isDarkTheme(){return o===f},setLightTheme(){s(d)},setDarkTheme(){s(f)}})),[o,s])}function h(e){let{children:t}=e;const n=m();return r.createElement(s.Provider,{value:n},t)}function g(){const e=(0,r.useContext)(s);if(null==e)throw new o.i6("ColorModeProvider","Please see https://docusaurus.io/docs/api/themes/configuration#use-color-mode.");return e}},373:(e,t,n)=>{"use strict";n.d(t,{J:()=>y,L5:()=>b,Oh:()=>w});var r=n(7294),a=n(143),o=n(9935),i=n(6668),l=n(3438),s=n(902),c=n(12);const u=e=>`docs-preferred-version-${e}`,d=(e,t,n)=>{(0,c.WA)(u(e),{persistence:t}).set(n)},f=(e,t)=>(0,c.WA)(u(e),{persistence:t}).get(),p=(e,t)=>{(0,c.WA)(u(e),{persistence:t}).del()};const m=r.createContext(null);function h(){const e=(0,a._r)(),t=(0,i.L)().docs.versionPersistence,n=(0,r.useMemo)((()=>Object.keys(e)),[e]),[o,l]=(0,r.useState)((()=>(e=>Object.fromEntries(e.map((e=>[e,{preferredVersionName:null}]))))(n)));(0,r.useEffect)((()=>{l(function(e){let{pluginIds:t,versionPersistence:n,allDocsData:r}=e;function a(e){const t=f(e,n);return r[e].versions.some((e=>e.name===t))?{preferredVersionName:t}:(p(e,n),{preferredVersionName:null})}return Object.fromEntries(t.map((e=>[e,a(e)])))}({allDocsData:e,versionPersistence:t,pluginIds:n}))}),[e,t,n]);return[o,(0,r.useMemo)((()=>({savePreferredVersion:function(e,n){d(e,t,n),l((t=>({...t,[e]:{preferredVersionName:n}})))}})),[t])]}function g(e){let{children:t}=e;const n=h();return r.createElement(m.Provider,{value:n},t)}function b(e){let{children:t}=e;return l.cE?r.createElement(g,null,t):r.createElement(r.Fragment,null,t)}function v(){const e=(0,r.useContext)(m);if(!e)throw new s.i6("DocsPreferredVersionContextProvider");return e}function y(e){void 0===e&&(e=o.m);const t=(0,a.zh)(e),[n,i]=v(),{preferredVersionName:l}=n[e];return{preferredVersion:t.versions.find((e=>e.name===l))??null,savePreferredVersionName:(0,r.useCallback)((t=>{i.savePreferredVersion(e,t)}),[i,e])}}function w(){const e=(0,a._r)(),[t]=v();function n(n){const r=e[n],{preferredVersionName:a}=t[n];return r.versions.find((e=>e.name===a))??null}const r=Object.keys(e);return Object.fromEntries(r.map((e=>[e,n(e)])))}},1116:(e,t,n)=>{"use strict";n.d(t,{V:()=>s,b:()=>l});var r=n(7294),a=n(902);const o=Symbol("EmptyContext"),i=r.createContext(o);function l(e){let{children:t,name:n,items:a}=e;const o=(0,r.useMemo)((()=>n&&a?{name:n,items:a}:null),[n,a]);return r.createElement(i.Provider,{value:o},t)}function s(){const e=(0,r.useContext)(i);if(e===o)throw new a.i6("DocsSidebarProvider");return e}},3163:(e,t,n)=>{"use strict";n.d(t,{M:()=>d,e:()=>f});var r=n(7294),a=n(3102),o=n(7524),i=n(1980),l=n(6668),s=n(902);const c=r.createContext(void 0);function u(){const e=function(){const e=(0,a.HY)(),{items:t}=(0,l.L)().navbar;return 0===t.length&&!e.component}(),t=(0,o.i)(),n=!e&&"mobile"===t,[s,c]=(0,r.useState)(!1);(0,i.Rb)((()=>{if(s)return c(!1),!1}));const u=(0,r.useCallback)((()=>{c((e=>!e))}),[]);return(0,r.useEffect)((()=>{"desktop"===t&&c(!1)}),[t]),(0,r.useMemo)((()=>({disabled:e,shouldRender:n,toggle:u,shown:s})),[e,n,u,s])}function d(e){let{children:t}=e;const n=u();return r.createElement(c.Provider,{value:n},t)}function f(){const e=r.useContext(c);if(void 0===e)throw new s.i6("NavbarMobileSidebarProvider");return e}},3102:(e,t,n)=>{"use strict";n.d(t,{HY:()=>l,Zo:()=>s,n2:()=>i});var r=n(7294),a=n(902);const o=r.createContext(null);function i(e){let{children:t}=e;const n=(0,r.useState)({component:null,props:null});return r.createElement(o.Provider,{value:n},t)}function l(){const e=(0,r.useContext)(o);if(!e)throw new a.i6("NavbarSecondaryMenuContentProvider");return e[0]}function s(e){let{component:t,props:n}=e;const i=(0,r.useContext)(o);if(!i)throw new a.i6("NavbarSecondaryMenuContentProvider");const[,l]=i,s=(0,a.Ql)(n);return(0,r.useEffect)((()=>{l({component:t,props:s})}),[l,t,s]),(0,r.useEffect)((()=>()=>l({component:null,props:null})),[l]),null}},9727:(e,t,n)=>{"use strict";n.d(t,{h:()=>a,t:()=>o});var r=n(7294);const a="navigation-with-keyboard";function o(){(0,r.useEffect)((()=>{function e(e){"keydown"===e.type&&"Tab"===e.key&&document.body.classList.add(a),"mousedown"===e.type&&document.body.classList.remove(a)}return document.addEventListener("keydown",e),document.addEventListener("mousedown",e),()=>{document.body.classList.remove(a),document.removeEventListener("keydown",e),document.removeEventListener("mousedown",e)}}),[])}},6177:(e,t,n)=>{"use strict";n.d(t,{O:()=>l});var r=n(7294),a=n(6550),o=n(2263);const i="q";function l(){const e=(0,a.k6)(),{siteConfig:{baseUrl:t,themeConfig:n}}=(0,o.Z)(),{algolia:{searchPagePath:l}}=n,[s,c]=(0,r.useState)("");(0,r.useEffect)((()=>{const e=new URLSearchParams(window.location.search).get(i)??"";c(e)}),[]);return{searchQuery:s,setSearchQuery:(0,r.useCallback)((t=>{const n=new URLSearchParams(window.location.search);t?n.set(i,t):n.delete(i),e.replace({search:n.toString()}),c(t)}),[e]),generateSearchPageLink:(0,r.useCallback)((e=>`${t}${l}?q=${encodeURIComponent(e)}`),[t,l])}}},7524:(e,t,n)=>{"use strict";n.d(t,{i:()=>c});var r=n(7294),a=n(412);const o="desktop",i="mobile",l="ssr";function s(){return a.Z.canUseDOM?window.innerWidth>996?o:i:l}function c(){const[e,t]=(0,r.useState)((()=>s()));return(0,r.useEffect)((()=>{function e(){t(s())}return window.addEventListener("resize",e),()=>{window.removeEventListener("resize",e),clearTimeout(undefined)}}),[]),e}},5281:(e,t,n)=>{"use strict";n.d(t,{k:()=>r});const r={page:{blogListPage:"blog-list-page",blogPostPage:"blog-post-page",blogTagsListPage:"blog-tags-list-page",blogTagPostListPage:"blog-tags-post-list-page",docsDocPage:"docs-doc-page",docsTagsListPage:"docs-tags-list-page",docsTagDocListPage:"docs-tags-doc-list-page",mdxPage:"mdx-page"},wrapper:{main:"main-wrapper",blogPages:"blog-wrapper",docsPages:"docs-wrapper",mdxPages:"mdx-wrapper"},common:{editThisPage:"theme-edit-this-page",lastUpdated:"theme-last-updated",backToTopButton:"theme-back-to-top-button",codeBlock:"theme-code-block",admonition:"theme-admonition",admonitionType:e=>`theme-admonition-${e}`},layout:{},docs:{docVersionBanner:"theme-doc-version-banner",docVersionBadge:"theme-doc-version-badge",docBreadcrumbs:"theme-doc-breadcrumbs",docMarkdown:"theme-doc-markdown",docTocMobile:"theme-doc-toc-mobile",docTocDesktop:"theme-doc-toc-desktop",docFooter:"theme-doc-footer",docFooterTagsRow:"theme-doc-footer-tags-row",docFooterEditMetaRow:"theme-doc-footer-edit-meta-row",docSidebarContainer:"theme-doc-sidebar-container",docSidebarMenu:"theme-doc-sidebar-menu",docSidebarItemCategory:"theme-doc-sidebar-item-category",docSidebarItemLink:"theme-doc-sidebar-item-link",docSidebarItemCategoryLevel:e=>`theme-doc-sidebar-item-category-level-${e}`,docSidebarItemLinkLevel:e=>`theme-doc-sidebar-item-link-level-${e}`},blog:{}}},3438:(e,t,n)=>{"use strict";n.d(t,{Wl:()=>f,_F:()=>m,cE:()=>d,hI:()=>w,lO:()=>b,oz:()=>v,s1:()=>g,vY:()=>y});var r=n(7294),a=n(6550),o=n(8790),i=n(143),l=n(373),s=n(1116),c=n(7392),u=n(8596);const d=!!i._r;function f(e){if(e.href)return e.href;for(const t of e.items){if("link"===t.type)return t.href;if("category"===t.type){const e=f(t);if(e)return e}}}const p=(e,t)=>void 0!==e&&(0,u.Mg)(e,t);function m(e,t){return"link"===e.type?p(e.href,t):"category"===e.type&&(p(e.href,t)||((e,t)=>e.some((e=>m(e,t))))(e.items,t))}function h(e){let{sidebarItems:t,pathname:n,onlyCategories:r=!1}=e;const a=[];return function e(t){for(const o of t)if("category"===o.type&&((0,u.Mg)(o.href,n)||e(o.items))||"link"===o.type&&(0,u.Mg)(o.href,n)){return r&&"category"!==o.type||a.unshift(o),!0}return!1}(t),a}function g(){var e;const t=(0,s.V)(),{pathname:n}=(0,a.TH)();return!1!==(null==(e=(0,i.gA)())?void 0:e.pluginData.breadcrumbs)&&t?h({sidebarItems:t.items,pathname:n}):null}function b(e){const{activeVersion:t}=(0,i.Iw)(e),{preferredVersion:n}=(0,l.J)(e),a=(0,i.yW)(e);return(0,r.useMemo)((()=>(0,c.j)([t,n,a].filter(Boolean))),[t,n,a])}function v(e,t){const n=b(t);return(0,r.useMemo)((()=>{const t=n.flatMap((e=>e.sidebars?Object.entries(e.sidebars):[])),r=t.find((t=>t[0]===e));if(!r)throw new Error(`Can't find any sidebar with id "${e}" in version${n.length>1?"s":""} ${n.map((e=>e.name)).join(", ")}".\n Available sidebar ids are:\n - ${Object.keys(t).join("\n- ")}`);return r[1]}),[e,n])}function y(e,t){const n=b(t);return(0,r.useMemo)((()=>{const t=n.flatMap((e=>e.docs)),r=t.find((t=>t.id===e));if(!r){if(n.flatMap((e=>e.draftIds)).includes(e))return null;throw new Error(`DocNavbarItem: couldn't find any doc with id "${e}" in version${n.length>1?"s":""} ${n.map((e=>e.name)).join(", ")}".\nAvailable doc ids are:\n- ${(0,c.j)(t.map((e=>e.id))).join("\n- ")}`)}return r}),[e,n])}function w(e){let{route:t,versionMetadata:n}=e;const r=(0,a.TH)(),i=t.routes,l=i.find((e=>(0,a.LX)(r.pathname,e)));if(!l)return null;const s=l.sidebar,c=s?n.docsSidebars[s]:void 0;return{docElement:(0,o.H)(i),sidebarName:s,sidebarItems:c}}},2128:(e,t,n)=>{"use strict";n.d(t,{p:()=>a});var r=n(2263);function a(e){const{siteConfig:t}=(0,r.Z)(),{title:n,titleDelimiter:a}=t;return null!=e&&e.trim().length?`${e.trim()} ${a} ${n}`:n}},1980:(e,t,n)=>{"use strict";n.d(t,{Rb:()=>l,_X:()=>s});var r=n(7294),a=n(6550),o=n(1688),i=n(902);function l(e){!function(e){const t=(0,a.k6)(),n=(0,i.zX)(e);(0,r.useEffect)((()=>t.block(((e,t)=>n(e,t)))),[t,n])}(((t,n)=>{if("POP"===n)return e(t,n)}))}function s(e){return function(e){const t=(0,a.k6)();return(0,o.useSyncExternalStore)(t.listen,(()=>e(t)),(()=>e(t)))}((t=>null===e?null:new URLSearchParams(t.location.search).get(e)))}},7392:(e,t,n)=>{"use strict";function r(e,t){return void 0===t&&(t=(e,t)=>e===t),e.filter(((n,r)=>e.findIndex((e=>t(e,n)))!==r))}function a(e){return Array.from(new Set(e))}n.d(t,{j:()=>a,l:()=>r})},833:(e,t,n)=>{"use strict";n.d(t,{FG:()=>f,d:()=>u,VC:()=>p});var r=n(7294),a=n(6010),o=n(5742),i=n(226);function l(){const e=r.useContext(i._);if(!e)throw new Error("Unexpected: no Docusaurus route context found");return e}var s=n(4996),c=n(2128);function u(e){let{title:t,description:n,keywords:a,image:i,children:l}=e;const u=(0,c.p)(t),{withBaseUrl:d}=(0,s.C)(),f=i?d(i,{absolute:!0}):void 0;return r.createElement(o.Z,null,t&&r.createElement("title",null,u),t&&r.createElement("meta",{property:"og:title",content:u}),n&&r.createElement("meta",{name:"description",content:n}),n&&r.createElement("meta",{property:"og:description",content:n}),a&&r.createElement("meta",{name:"keywords",content:Array.isArray(a)?a.join(","):a}),f&&r.createElement("meta",{property:"og:image",content:f}),f&&r.createElement("meta",{name:"twitter:image",content:f}),l)}const d=r.createContext(void 0);function f(e){let{className:t,children:n}=e;const i=r.useContext(d),l=(0,a.Z)(i,t);return r.createElement(d.Provider,{value:l},r.createElement(o.Z,null,r.createElement("html",{className:l})),n)}function p(e){let{children:t}=e;const n=l(),o=`plugin-${n.plugin.name.replace(/docusaurus-(?:plugin|theme)-(?:content-)?/gi,"")}`;const i=`plugin-id-${n.plugin.id}`;return r.createElement(f,{className:(0,a.Z)(o,i)},t)}},902:(e,t,n)=>{"use strict";n.d(t,{D9:()=>i,Qc:()=>c,Ql:()=>s,i6:()=>l,zX:()=>o});var r=n(7294);const a=n(412).Z.canUseDOM?r.useLayoutEffect:r.useEffect;function o(e){const t=(0,r.useRef)(e);return a((()=>{t.current=e}),[e]),(0,r.useCallback)((function(){return t.current(...arguments)}),[])}function i(e){const t=(0,r.useRef)();return a((()=>{t.current=e})),t.current}class l extends Error{constructor(e,t){var n,r,a;super(),this.name="ReactContextError",this.message=`Hook ${(null==(n=this.stack)||null==(r=n.split("\n")[1])||null==(a=r.match(/at (?:\w+\.)?(?\w+)/))?void 0:a.groups.name)??""} is called outside the <${e}>. ${t??""}`}}function s(e){const t=Object.entries(e);return t.sort(((e,t)=>e[0].localeCompare(t[0]))),(0,r.useMemo)((()=>e),t.flat())}function c(e){return t=>{let{children:n}=t;return r.createElement(r.Fragment,null,e.reduceRight(((e,t)=>r.createElement(t,null,e)),n))}}},8022:(e,t,n)=>{"use strict";function r(e,t){return void 0!==e&&void 0!==t&&new RegExp(e,"gi").test(t)}n.d(t,{F:()=>r})},8596:(e,t,n)=>{"use strict";n.d(t,{Mg:()=>i,Ns:()=>l});var r=n(7294),a=n(723),o=n(2263);function i(e,t){const n=e=>{var t;return null==(t=!e||e.endsWith("/")?e:`${e}/`)?void 0:t.toLowerCase()};return n(e)===n(t)}function l(){const{baseUrl:e}=(0,o.Z)().siteConfig;return(0,r.useMemo)((()=>function(e){let{baseUrl:t,routes:n}=e;function r(e){return e.path===t&&!0===e.exact}function a(e){return e.path===t&&!e.exact}return function e(t){if(0===t.length)return;return t.find(r)||e(t.filter(a).flatMap((e=>e.routes??[])))}(n)}({routes:a.Z,baseUrl:e})),[e])}},2466:(e,t,n)=>{"use strict";n.d(t,{Ct:()=>p,OC:()=>s,RF:()=>d,o5:()=>f});var r=n(7294),a=n(412),o=n(2389),i=n(902);const l=r.createContext(void 0);function s(e){let{children:t}=e;const n=function(){const e=(0,r.useRef)(!0);return(0,r.useMemo)((()=>({scrollEventsEnabledRef:e,enableScrollEvents:()=>{e.current=!0},disableScrollEvents:()=>{e.current=!1}})),[])}();return r.createElement(l.Provider,{value:n},t)}function c(){const e=(0,r.useContext)(l);if(null==e)throw new i.i6("ScrollControllerProvider");return e}const u=()=>a.Z.canUseDOM?{scrollX:window.pageXOffset,scrollY:window.pageYOffset}:null;function d(e,t){void 0===t&&(t=[]);const{scrollEventsEnabledRef:n}=c(),a=(0,r.useRef)(u()),o=(0,i.zX)(e);(0,r.useEffect)((()=>{const e=()=>{if(!n.current)return;const e=u();o(e,a.current),a.current=e},t={passive:!0};return e(),window.addEventListener("scroll",e,t),()=>window.removeEventListener("scroll",e,t)}),[o,n,...t])}function f(){const e=c(),t=function(){const e=(0,r.useRef)({elem:null,top:0}),t=(0,r.useCallback)((t=>{e.current={elem:t,top:t.getBoundingClientRect().top}}),[]),n=(0,r.useCallback)((()=>{const{current:{elem:t,top:n}}=e;if(!t)return{restored:!1};const r=t.getBoundingClientRect().top-n;return r&&window.scrollBy({left:0,top:r}),e.current={elem:null,top:0},{restored:0!==r}}),[]);return(0,r.useMemo)((()=>({save:t,restore:n})),[n,t])}(),n=(0,r.useRef)(void 0),a=(0,r.useCallback)((r=>{t.save(r),e.disableScrollEvents(),n.current=()=>{const{restored:r}=t.restore();if(n.current=void 0,r){const t=()=>{e.enableScrollEvents(),window.removeEventListener("scroll",t)};window.addEventListener("scroll",t)}else e.enableScrollEvents()}}),[e,t]);return(0,r.useLayoutEffect)((()=>{queueMicrotask((()=>null==n.current?void 0:n.current()))})),{blockElementScrollPositionUntilNextRender:a}}function p(){const e=(0,r.useRef)(null),t=(0,o.Z)()&&"smooth"===getComputedStyle(document.documentElement).scrollBehavior;return{startScroll:n=>{e.current=t?function(e){return window.scrollTo({top:e,behavior:"smooth"}),()=>{}}(n):function(e){let t=null;const n=document.documentElement.scrollTop>e;return function r(){const a=document.documentElement.scrollTop;(n&&a>e||!n&&at&&cancelAnimationFrame(t)}(n)},cancelScroll:()=>null==e.current?void 0:e.current()}}},3320:(e,t,n)=>{"use strict";n.d(t,{HX:()=>i,_q:()=>s,os:()=>l});var r=n(143),a=n(2263),o=n(373);const i="default";function l(e,t){return`docs-${e}-${t}`}function s(){const{i18n:e}=(0,a.Z)(),t=(0,r._r)(),n=(0,r.WS)(),s=(0,o.Oh)();const c=[i,...Object.keys(t).map((function(e){const r=(null==n?void 0:n.activePlugin.pluginId)===e?n.activeVersion:void 0,a=s[e],o=t[e].versions.find((e=>e.isLast));return l(e,(r??a??o).name)}))];return{locale:e.currentLocale,tags:c}}},12:(e,t,n)=>{"use strict";n.d(t,{Nk:()=>d,WA:()=>u});var r=n(7294),a=n(1688);const o="localStorage";function i(e){let{key:t,oldValue:n,newValue:r,storage:a}=e;if(n===r)return;const o=document.createEvent("StorageEvent");o.initStorageEvent("storage",!1,!1,t,n,r,window.location.href,a),window.dispatchEvent(o)}function l(e){if(void 0===e&&(e=o),"undefined"==typeof window)throw new Error("Browser storage is not available on Node.js/Docusaurus SSR process.");if("none"===e)return null;try{return window[e]}catch(n){return t=n,s||(console.warn("Docusaurus browser storage is not available.\nPossible reasons: running Docusaurus in an iframe, in an incognito browser session, or using too strict browser privacy settings.",t),s=!0),null}var t}let s=!1;const c={get:()=>null,set:()=>{},del:()=>{},listen:()=>()=>{}};function u(e,t){if("undefined"==typeof window)return function(e){function t(){throw new Error(`Illegal storage API usage for storage key "${e}".\nDocusaurus storage APIs are not supposed to be called on the server-rendering process.\nPlease only call storage APIs in effects and event handlers.`)}return{get:t,set:t,del:t,listen:t}}(e);const n=l(null==t?void 0:t.persistence);return null===n?c:{get:()=>{try{return n.getItem(e)}catch(t){return console.error(`Docusaurus storage error, can't get key=${e}`,t),null}},set:t=>{try{const r=n.getItem(e);n.setItem(e,t),i({key:e,oldValue:r,newValue:t,storage:n})}catch(r){console.error(`Docusaurus storage error, can't set ${e}=${t}`,r)}},del:()=>{try{const t=n.getItem(e);n.removeItem(e),i({key:e,oldValue:t,newValue:null,storage:n})}catch(t){console.error(`Docusaurus storage error, can't delete key=${e}`,t)}},listen:t=>{try{const r=r=>{r.storageArea===n&&r.key===e&&t(r)};return window.addEventListener("storage",r),()=>window.removeEventListener("storage",r)}catch(r){return console.error(`Docusaurus storage error, can't listen for changes of key=${e}`,r),()=>{}}}}}function d(e,t){const n=(0,r.useRef)((()=>null===e?c:u(e,t))).current(),o=(0,r.useCallback)((e=>"undefined"==typeof window?()=>{}:n.listen(e)),[n]);return[(0,a.useSyncExternalStore)(o,(()=>"undefined"==typeof window?null:n.get()),(()=>null)),n]}},4711:(e,t,n)=>{"use strict";n.d(t,{l:()=>o});var r=n(2263),a=n(6550);function o(){const{siteConfig:{baseUrl:e,url:t},i18n:{defaultLocale:n,currentLocale:o}}=(0,r.Z)(),{pathname:i}=(0,a.TH)(),l=o===n?e:e.replace(`/${o}/`,"/"),s=i.replace(e,"");return{createUrl:function(e){let{locale:r,fullyQualified:a}=e;return`${a?t:""}${function(e){return e===n?`${l}`:`${l}${e}/`}(r)}${s}`}}}},5936:(e,t,n)=>{"use strict";n.d(t,{S:()=>i});var r=n(7294),a=n(6550),o=n(902);function i(e){const t=(0,a.TH)(),n=(0,o.D9)(t),i=(0,o.zX)(e);(0,r.useEffect)((()=>{n&&t!==n&&i({location:t,previousLocation:n})}),[i,t,n])}},6668:(e,t,n)=>{"use strict";n.d(t,{L:()=>a});var r=n(2263);function a(){return(0,r.Z)().siteConfig.themeConfig}},6278:(e,t,n)=>{"use strict";n.d(t,{L:()=>a});var r=n(2263);function a(){const{siteConfig:{themeConfig:e}}=(0,r.Z)();return e}},239:(e,t,n)=>{"use strict";n.d(t,{l:()=>l});var r=n(7294),a=n(8022),o=n(4996),i=n(6278);function l(){const{withBaseUrl:e}=(0,o.C)(),{algolia:{externalUrlRegex:t,replaceSearchResultPathname:n}}=(0,i.L)();return(0,r.useCallback)((r=>{const o=new URL(r);if((0,a.F)(t,o.href))return r;const i=`${o.pathname+o.hash}`;return e(function(e,t){return t?e.replaceAll(new RegExp(t.from,"g"),t.to):e}(i,n))}),[e,t,n])}},8802:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=function(e,t){const{trailingSlash:n,baseUrl:r}=t;if(e.startsWith("#"))return e;if(void 0===n)return e;const[a]=e.split(/[#?]/),o="/"===a||a===r?a:(i=a,n?function(e){return e.endsWith("/")?e:`${e}/`}(i):function(e){return e.endsWith("/")?e.slice(0,-1):e}(i));var i;return e.replace(a,o)}},8780:function(e,t,n){"use strict";var r=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,"__esModule",{value:!0}),t.applyTrailingSlash=t.blogPostContainerID=void 0,t.blogPostContainerID="post-content";var a=n(8802);Object.defineProperty(t,"applyTrailingSlash",{enumerable:!0,get:function(){return r(a).default}})},6010:(e,t,n)=>{"use strict";function r(e){var t,n,a="";if("string"==typeof e||"number"==typeof e)a+=e;else if("object"==typeof e)if(Array.isArray(e))for(t=0;ta});const a=function(){for(var e,t,n=0,a="";n{"use strict";n.d(t,{lX:()=>w,q_:()=>C,ob:()=>p,PP:()=>A,Ep:()=>f});var r=n(7462);function a(e){return"/"===e.charAt(0)}function o(e,t){for(var n=t,r=n+1,a=e.length;r=0;f--){var p=i[f];"."===p?o(i,f):".."===p?(o(i,f),d++):d&&(o(i,f),d--)}if(!c)for(;d--;d)i.unshift("..");!c||""===i[0]||i[0]&&a(i[0])||i.unshift("");var m=i.join("/");return n&&"/"!==m.substr(-1)&&(m+="/"),m};var l=n(8776);function s(e){return"/"===e.charAt(0)?e:"/"+e}function c(e){return"/"===e.charAt(0)?e.substr(1):e}function u(e,t){return function(e,t){return 0===e.toLowerCase().indexOf(t.toLowerCase())&&-1!=="/?#".indexOf(e.charAt(t.length))}(e,t)?e.substr(t.length):e}function d(e){return"/"===e.charAt(e.length-1)?e.slice(0,-1):e}function f(e){var t=e.pathname,n=e.search,r=e.hash,a=t||"/";return n&&"?"!==n&&(a+="?"===n.charAt(0)?n:"?"+n),r&&"#"!==r&&(a+="#"===r.charAt(0)?r:"#"+r),a}function p(e,t,n,a){var o;"string"==typeof e?(o=function(e){var t=e||"/",n="",r="",a=t.indexOf("#");-1!==a&&(r=t.substr(a),t=t.substr(0,a));var o=t.indexOf("?");return-1!==o&&(n=t.substr(o),t=t.substr(0,o)),{pathname:t,search:"?"===n?"":n,hash:"#"===r?"":r}}(e),o.state=t):(void 0===(o=(0,r.Z)({},e)).pathname&&(o.pathname=""),o.search?"?"!==o.search.charAt(0)&&(o.search="?"+o.search):o.search="",o.hash?"#"!==o.hash.charAt(0)&&(o.hash="#"+o.hash):o.hash="",void 0!==t&&void 0===o.state&&(o.state=t));try{o.pathname=decodeURI(o.pathname)}catch(l){throw l instanceof URIError?new URIError('Pathname "'+o.pathname+'" could not be decoded. This is likely caused by an invalid percent-encoding.'):l}return n&&(o.key=n),a?o.pathname?"/"!==o.pathname.charAt(0)&&(o.pathname=i(o.pathname,a.pathname)):o.pathname=a.pathname:o.pathname||(o.pathname="/"),o}function m(){var e=null;var t=[];return{setPrompt:function(t){return e=t,function(){e===t&&(e=null)}},confirmTransitionTo:function(t,n,r,a){if(null!=e){var o="function"==typeof e?e(t,n):e;"string"==typeof o?"function"==typeof r?r(o,a):a(!0):a(!1!==o)}else a(!0)},appendListener:function(e){var n=!0;function r(){n&&e.apply(void 0,arguments)}return t.push(r),function(){n=!1,t=t.filter((function(e){return e!==r}))}},notifyListeners:function(){for(var e=arguments.length,n=new Array(e),r=0;rt?n.splice(t,n.length-t,a):n.push(a),d({action:r,location:a,index:t,entries:n})}}))},replace:function(e,t){var r="REPLACE",a=p(e,t,h(),w.location);u.confirmTransitionTo(a,r,n,(function(e){e&&(w.entries[w.index]=a,d({action:r,location:a}))}))},go:y,goBack:function(){y(-1)},goForward:function(){y(1)},canGo:function(e){var t=w.index+e;return t>=0&&t{"use strict";var r=n(9864),a={childContextTypes:!0,contextType:!0,contextTypes:!0,defaultProps:!0,displayName:!0,getDefaultProps:!0,getDerivedStateFromError:!0,getDerivedStateFromProps:!0,mixins:!0,propTypes:!0,type:!0},o={name:!0,length:!0,prototype:!0,caller:!0,callee:!0,arguments:!0,arity:!0},i={$$typeof:!0,compare:!0,defaultProps:!0,displayName:!0,propTypes:!0,type:!0},l={};function s(e){return r.isMemo(e)?i:l[e.$$typeof]||a}l[r.ForwardRef]={$$typeof:!0,render:!0,defaultProps:!0,displayName:!0,propTypes:!0},l[r.Memo]=i;var c=Object.defineProperty,u=Object.getOwnPropertyNames,d=Object.getOwnPropertySymbols,f=Object.getOwnPropertyDescriptor,p=Object.getPrototypeOf,m=Object.prototype;e.exports=function e(t,n,r){if("string"!=typeof n){if(m){var a=p(n);a&&a!==m&&e(t,a,r)}var i=u(n);d&&(i=i.concat(d(n)));for(var l=s(t),h=s(n),g=0;g{"use strict";e.exports=function(e,t,n,r,a,o,i,l){if(!e){var s;if(void 0===t)s=new Error("Minified exception occurred; use the non-minified dev environment for the full error message and additional helpful warnings.");else{var c=[n,r,a,o,i,l],u=0;(s=new Error(t.replace(/%s/g,(function(){return c[u++]})))).name="Invariant Violation"}throw s.framesToPop=1,s}}},5826:e=>{e.exports=Array.isArray||function(e){return"[object Array]"==Object.prototype.toString.call(e)}},2497:(e,t,n)=>{"use strict";n.r(t)},2295:(e,t,n)=>{"use strict";n.r(t)},4865:function(e,t,n){var r,a;r=function(){var e,t,n={version:"0.2.0"},r=n.settings={minimum:.08,easing:"ease",positionUsing:"",speed:200,trickle:!0,trickleRate:.02,trickleSpeed:800,showSpinner:!0,barSelector:'[role="bar"]',spinnerSelector:'[role="spinner"]',parent:"body",template:'
    '};function a(e,t,n){return en?n:e}function o(e){return 100*(-1+e)}function i(e,t,n){var a;return(a="translate3d"===r.positionUsing?{transform:"translate3d("+o(e)+"%,0,0)"}:"translate"===r.positionUsing?{transform:"translate("+o(e)+"%,0)"}:{"margin-left":o(e)+"%"}).transition="all "+t+"ms "+n,a}n.configure=function(e){var t,n;for(t in e)void 0!==(n=e[t])&&e.hasOwnProperty(t)&&(r[t]=n);return this},n.status=null,n.set=function(e){var t=n.isStarted();e=a(e,r.minimum,1),n.status=1===e?null:e;var o=n.render(!t),c=o.querySelector(r.barSelector),u=r.speed,d=r.easing;return o.offsetWidth,l((function(t){""===r.positionUsing&&(r.positionUsing=n.getPositioningCSS()),s(c,i(e,u,d)),1===e?(s(o,{transition:"none",opacity:1}),o.offsetWidth,setTimeout((function(){s(o,{transition:"all "+u+"ms linear",opacity:0}),setTimeout((function(){n.remove(),t()}),u)}),u)):setTimeout(t,u)})),this},n.isStarted=function(){return"number"==typeof n.status},n.start=function(){n.status||n.set(0);var e=function(){setTimeout((function(){n.status&&(n.trickle(),e())}),r.trickleSpeed)};return r.trickle&&e(),this},n.done=function(e){return e||n.status?n.inc(.3+.5*Math.random()).set(1):this},n.inc=function(e){var t=n.status;return t?("number"!=typeof e&&(e=(1-t)*a(Math.random()*t,.1,.95)),t=a(t+e,0,.994),n.set(t)):n.start()},n.trickle=function(){return n.inc(Math.random()*r.trickleRate)},e=0,t=0,n.promise=function(r){return r&&"resolved"!==r.state()?(0===t&&n.start(),e++,t++,r.always((function(){0==--t?(e=0,n.done()):n.set((e-t)/e)})),this):this},n.render=function(e){if(n.isRendered())return document.getElementById("nprogress");u(document.documentElement,"nprogress-busy");var t=document.createElement("div");t.id="nprogress",t.innerHTML=r.template;var a,i=t.querySelector(r.barSelector),l=e?"-100":o(n.status||0),c=document.querySelector(r.parent);return s(i,{transition:"all 0 linear",transform:"translate3d("+l+"%,0,0)"}),r.showSpinner||(a=t.querySelector(r.spinnerSelector))&&p(a),c!=document.body&&u(c,"nprogress-custom-parent"),c.appendChild(t),t},n.remove=function(){d(document.documentElement,"nprogress-busy"),d(document.querySelector(r.parent),"nprogress-custom-parent");var e=document.getElementById("nprogress");e&&p(e)},n.isRendered=function(){return!!document.getElementById("nprogress")},n.getPositioningCSS=function(){var e=document.body.style,t="WebkitTransform"in e?"Webkit":"MozTransform"in e?"Moz":"msTransform"in e?"ms":"OTransform"in e?"O":"";return t+"Perspective"in e?"translate3d":t+"Transform"in e?"translate":"margin"};var l=function(){var e=[];function t(){var n=e.shift();n&&n(t)}return function(n){e.push(n),1==e.length&&t()}}(),s=function(){var e=["Webkit","O","Moz","ms"],t={};function n(e){return e.replace(/^-ms-/,"ms-").replace(/-([\da-z])/gi,(function(e,t){return t.toUpperCase()}))}function r(t){var n=document.body.style;if(t in n)return t;for(var r,a=e.length,o=t.charAt(0).toUpperCase()+t.slice(1);a--;)if((r=e[a]+o)in n)return r;return t}function a(e){return e=n(e),t[e]||(t[e]=r(e))}function o(e,t,n){t=a(t),e.style[t]=n}return function(e,t){var n,r,a=arguments;if(2==a.length)for(n in t)void 0!==(r=t[n])&&t.hasOwnProperty(n)&&o(e,n,r);else o(e,a[1],a[2])}}();function c(e,t){return("string"==typeof e?e:f(e)).indexOf(" "+t+" ")>=0}function u(e,t){var n=f(e),r=n+t;c(n,t)||(e.className=r.substring(1))}function d(e,t){var n,r=f(e);c(e,t)&&(n=r.replace(" "+t+" "," "),e.className=n.substring(1,n.length-1))}function f(e){return(" "+(e.className||"")+" ").replace(/\s+/gi," ")}function p(e){e&&e.parentNode&&e.parentNode.removeChild(e)}return n},void 0===(a="function"==typeof r?r.call(t,n,t,e):r)||(e.exports=a)},7418:e=>{"use strict";var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,r=Object.prototype.propertyIsEnumerable;function a(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map((function(e){return t[e]})).join(""))return!1;var r={};return"abcdefghijklmnopqrst".split("").forEach((function(e){r[e]=e})),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},r)).join("")}catch(a){return!1}}()?Object.assign:function(e,o){for(var i,l,s=a(e),c=1;c{"use strict";n.d(t,{Z:()=>o});var r=function(){var e=/(?:^|\s)lang(?:uage)?-([\w-]+)(?=\s|$)/i,t=0,n={},r={util:{encode:function e(t){return t instanceof a?new a(t.type,e(t.content),t.alias):Array.isArray(t)?t.map(e):t.replace(/&/g,"&").replace(/=d.reach);_+=E.value.length,E=E.next){var S=E.value;if(t.length>e.length)return;if(!(S instanceof a)){var x,C=1;if(v){if(!(x=o(k,_,e,b))||x.index>=e.length)break;var T=x.index,A=x.index+x[0].length,L=_;for(L+=E.value.length;T>=L;)L+=(E=E.next).value.length;if(_=L-=E.value.length,E.value instanceof a)continue;for(var R=E;R!==t.tail&&(Ld.reach&&(d.reach=I);var D=E.prev;if(N&&(D=s(t,D,N),_+=N.length),c(t,D,C),E=s(t,D,new a(f,g?r.tokenize(P,g):P,y,P)),O&&s(t,E,O),C>1){var M={cause:f+","+m,reach:I};i(e,t,n,E.prev,_,M),d&&M.reach>d.reach&&(d.reach=M.reach)}}}}}}function l(){var e={value:null,prev:null,next:null},t={value:null,prev:e,next:null};e.next=t,this.head=e,this.tail=t,this.length=0}function s(e,t,n){var r=t.next,a={value:n,prev:t,next:r};return t.next=a,r.prev=a,e.length++,a}function c(e,t,n){for(var r=t.next,a=0;a"+o.content+""},r}(),a=r;r.default=r,a.languages.markup={comment:{pattern://,greedy:!0},prolog:{pattern:/<\?[\s\S]+?\?>/,greedy:!0},doctype:{pattern:/"'[\]]|"[^"]*"|'[^']*')+(?:\[(?:[^<"'\]]|"[^"]*"|'[^']*'|<(?!!--)|)*\]\s*)?>/i,greedy:!0,inside:{"internal-subset":{pattern:/(^[^\[]*\[)[\s\S]+(?=\]>$)/,lookbehind:!0,greedy:!0,inside:null},string:{pattern:/"[^"]*"|'[^']*'/,greedy:!0},punctuation:/^$|[[\]]/,"doctype-tag":/^DOCTYPE/i,name:/[^\s<>'"]+/}},cdata:{pattern://i,greedy:!0},tag:{pattern:/<\/?(?!\d)[^\s>\/=$<%]+(?:\s(?:\s*[^\s>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))|(?=[\s/>])))+)?\s*\/?>/,greedy:!0,inside:{tag:{pattern:/^<\/?[^\s>\/]+/,inside:{punctuation:/^<\/?/,namespace:/^[^\s>\/:]+:/}},"special-attr":[],"attr-value":{pattern:/=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+)/,inside:{punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}},punctuation:/\/?>/,"attr-name":{pattern:/[^\s>\/]+/,inside:{namespace:/^[^\s>\/:]+:/}}}},entity:[{pattern:/&[\da-z]{1,8};/i,alias:"named-entity"},/&#x?[\da-f]{1,8};/i]},a.languages.markup.tag.inside["attr-value"].inside.entity=a.languages.markup.entity,a.languages.markup.doctype.inside["internal-subset"].inside=a.languages.markup,a.hooks.add("wrap",(function(e){"entity"===e.type&&(e.attributes.title=e.content.replace(/&/,"&"))})),Object.defineProperty(a.languages.markup.tag,"addInlined",{value:function(e,t){var n={};n["language-"+t]={pattern:/(^$)/i,lookbehind:!0,inside:a.languages[t]},n.cdata=/^$/i;var r={"included-cdata":{pattern://i,inside:n}};r["language-"+t]={pattern:/[\s\S]+/,inside:a.languages[t]};var o={};o[e]={pattern:RegExp(/(<__[^>]*>)(?:))*\]\]>|(?!)/.source.replace(/__/g,(function(){return e})),"i"),lookbehind:!0,greedy:!0,inside:r},a.languages.insertBefore("markup","cdata",o)}}),Object.defineProperty(a.languages.markup.tag,"addAttribute",{value:function(e,t){a.languages.markup.tag.inside["special-attr"].push({pattern:RegExp(/(^|["'\s])/.source+"(?:"+e+")"+/\s*=\s*(?:"[^"]*"|'[^']*'|[^\s'">=]+(?=[\s>]))/.source,"i"),lookbehind:!0,inside:{"attr-name":/^[^\s=]+/,"attr-value":{pattern:/=[\s\S]+/,inside:{value:{pattern:/(^=\s*(["']|(?!["'])))\S[\s\S]*(?=\2$)/,lookbehind:!0,alias:[t,"language-"+t],inside:a.languages[t]},punctuation:[{pattern:/^=/,alias:"attr-equals"},/"|'/]}}}})}}),a.languages.html=a.languages.markup,a.languages.mathml=a.languages.markup,a.languages.svg=a.languages.markup,a.languages.xml=a.languages.extend("markup",{}),a.languages.ssml=a.languages.xml,a.languages.atom=a.languages.xml,a.languages.rss=a.languages.xml,function(e){var t="\\b(?:BASH|BASHOPTS|BASH_ALIASES|BASH_ARGC|BASH_ARGV|BASH_CMDS|BASH_COMPLETION_COMPAT_DIR|BASH_LINENO|BASH_REMATCH|BASH_SOURCE|BASH_VERSINFO|BASH_VERSION|COLORTERM|COLUMNS|COMP_WORDBREAKS|DBUS_SESSION_BUS_ADDRESS|DEFAULTS_PATH|DESKTOP_SESSION|DIRSTACK|DISPLAY|EUID|GDMSESSION|GDM_LANG|GNOME_KEYRING_CONTROL|GNOME_KEYRING_PID|GPG_AGENT_INFO|GROUPS|HISTCONTROL|HISTFILE|HISTFILESIZE|HISTSIZE|HOME|HOSTNAME|HOSTTYPE|IFS|INSTANCE|JOB|LANG|LANGUAGE|LC_ADDRESS|LC_ALL|LC_IDENTIFICATION|LC_MEASUREMENT|LC_MONETARY|LC_NAME|LC_NUMERIC|LC_PAPER|LC_TELEPHONE|LC_TIME|LESSCLOSE|LESSOPEN|LINES|LOGNAME|LS_COLORS|MACHTYPE|MAILCHECK|MANDATORY_PATH|NO_AT_BRIDGE|OLDPWD|OPTERR|OPTIND|ORBIT_SOCKETDIR|OSTYPE|PAPERSIZE|PATH|PIPESTATUS|PPID|PS1|PS2|PS3|PS4|PWD|RANDOM|REPLY|SECONDS|SELINUX_INIT|SESSION|SESSIONTYPE|SESSION_MANAGER|SHELL|SHELLOPTS|SHLVL|SSH_AUTH_SOCK|TERM|UID|UPSTART_EVENTS|UPSTART_INSTANCE|UPSTART_JOB|UPSTART_SESSION|USER|WINDOWID|XAUTHORITY|XDG_CONFIG_DIRS|XDG_CURRENT_DESKTOP|XDG_DATA_DIRS|XDG_GREETER_DATA_DIR|XDG_MENU_PREFIX|XDG_RUNTIME_DIR|XDG_SEAT|XDG_SEAT_PATH|XDG_SESSION_DESKTOP|XDG_SESSION_ID|XDG_SESSION_PATH|XDG_SESSION_TYPE|XDG_VTNR|XMODIFIERS)\\b",n={pattern:/(^(["']?)\w+\2)[ \t]+\S.*/,lookbehind:!0,alias:"punctuation",inside:null},r={bash:n,environment:{pattern:RegExp("\\$"+t),alias:"constant"},variable:[{pattern:/\$?\(\([\s\S]+?\)\)/,greedy:!0,inside:{variable:[{pattern:/(^\$\(\([\s\S]+)\)\)/,lookbehind:!0},/^\$\(\(/],number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee]-?\d+)?/,operator:/--|\+\+|\*\*=?|<<=?|>>=?|&&|\|\||[=!+\-*/%<>^&|]=?|[?~:]/,punctuation:/\(\(?|\)\)?|,|;/}},{pattern:/\$\((?:\([^)]+\)|[^()])+\)|`[^`]+`/,greedy:!0,inside:{variable:/^\$\(|^`|\)$|`$/}},{pattern:/\$\{[^}]+\}/,greedy:!0,inside:{operator:/:[-=?+]?|[!\/]|##?|%%?|\^\^?|,,?/,punctuation:/[\[\]]/,environment:{pattern:RegExp("(\\{)"+t),lookbehind:!0,alias:"constant"}}},/\$(?:\w+|[#?*!@$])/],entity:/\\(?:[abceEfnrtv\\"]|O?[0-7]{1,3}|U[0-9a-fA-F]{8}|u[0-9a-fA-F]{4}|x[0-9a-fA-F]{1,2})/};e.languages.bash={shebang:{pattern:/^#!\s*\/.*/,alias:"important"},comment:{pattern:/(^|[^"{\\$])#.*/,lookbehind:!0},"function-name":[{pattern:/(\bfunction\s+)[\w-]+(?=(?:\s*\(?:\s*\))?\s*\{)/,lookbehind:!0,alias:"function"},{pattern:/\b[\w-]+(?=\s*\(\s*\)\s*\{)/,alias:"function"}],"for-or-select":{pattern:/(\b(?:for|select)\s+)\w+(?=\s+in\s)/,alias:"variable",lookbehind:!0},"assign-left":{pattern:/(^|[\s;|&]|[<>]\()\w+(?=\+?=)/,inside:{environment:{pattern:RegExp("(^|[\\s;|&]|[<>]\\()"+t),lookbehind:!0,alias:"constant"}},alias:"variable",lookbehind:!0},string:[{pattern:/((?:^|[^<])<<-?\s*)(\w+)\s[\s\S]*?(?:\r?\n|\r)\2/,lookbehind:!0,greedy:!0,inside:r},{pattern:/((?:^|[^<])<<-?\s*)(["'])(\w+)\2\s[\s\S]*?(?:\r?\n|\r)\3/,lookbehind:!0,greedy:!0,inside:{bash:n}},{pattern:/(^|[^\\](?:\\\\)*)"(?:\\[\s\S]|\$\([^)]+\)|\$(?!\()|`[^`]+`|[^"\\`$])*"/,lookbehind:!0,greedy:!0,inside:r},{pattern:/(^|[^$\\])'[^']*'/,lookbehind:!0,greedy:!0},{pattern:/\$'(?:[^'\\]|\\[\s\S])*'/,greedy:!0,inside:{entity:r.entity}}],environment:{pattern:RegExp("\\$?"+t),alias:"constant"},variable:r.variable,function:{pattern:/(^|[\s;|&]|[<>]\()(?:add|apropos|apt|apt-cache|apt-get|aptitude|aspell|automysqlbackup|awk|basename|bash|bc|bconsole|bg|bzip2|cal|cat|cfdisk|chgrp|chkconfig|chmod|chown|chroot|cksum|clear|cmp|column|comm|composer|cp|cron|crontab|csplit|curl|cut|date|dc|dd|ddrescue|debootstrap|df|diff|diff3|dig|dir|dircolors|dirname|dirs|dmesg|docker|docker-compose|du|egrep|eject|env|ethtool|expand|expect|expr|fdformat|fdisk|fg|fgrep|file|find|fmt|fold|format|free|fsck|ftp|fuser|gawk|git|gparted|grep|groupadd|groupdel|groupmod|groups|grub-mkconfig|gzip|halt|head|hg|history|host|hostname|htop|iconv|id|ifconfig|ifdown|ifup|import|install|ip|jobs|join|kill|killall|less|link|ln|locate|logname|logrotate|look|lpc|lpr|lprint|lprintd|lprintq|lprm|ls|lsof|lynx|make|man|mc|mdadm|mkconfig|mkdir|mke2fs|mkfifo|mkfs|mkisofs|mknod|mkswap|mmv|more|most|mount|mtools|mtr|mutt|mv|nano|nc|netstat|nice|nl|node|nohup|notify-send|npm|nslookup|op|open|parted|passwd|paste|pathchk|ping|pkill|pnpm|podman|podman-compose|popd|pr|printcap|printenv|ps|pushd|pv|quota|quotacheck|quotactl|ram|rar|rcp|reboot|remsync|rename|renice|rev|rm|rmdir|rpm|rsync|scp|screen|sdiff|sed|sendmail|seq|service|sftp|sh|shellcheck|shuf|shutdown|sleep|slocate|sort|split|ssh|stat|strace|su|sudo|sum|suspend|swapon|sync|tac|tail|tar|tee|time|timeout|top|touch|tr|traceroute|tsort|tty|umount|uname|unexpand|uniq|units|unrar|unshar|unzip|update-grub|uptime|useradd|userdel|usermod|users|uudecode|uuencode|v|vcpkg|vdir|vi|vim|virsh|vmstat|wait|watch|wc|wget|whereis|which|who|whoami|write|xargs|xdg-open|yarn|yes|zenity|zip|zsh|zypper)(?=$|[)\s;|&])/,lookbehind:!0},keyword:{pattern:/(^|[\s;|&]|[<>]\()(?:case|do|done|elif|else|esac|fi|for|function|if|in|select|then|until|while)(?=$|[)\s;|&])/,lookbehind:!0},builtin:{pattern:/(^|[\s;|&]|[<>]\()(?:\.|:|alias|bind|break|builtin|caller|cd|command|continue|declare|echo|enable|eval|exec|exit|export|getopts|hash|help|let|local|logout|mapfile|printf|pwd|read|readarray|readonly|return|set|shift|shopt|source|test|times|trap|type|typeset|ulimit|umask|unalias|unset)(?=$|[)\s;|&])/,lookbehind:!0,alias:"class-name"},boolean:{pattern:/(^|[\s;|&]|[<>]\()(?:false|true)(?=$|[)\s;|&])/,lookbehind:!0},"file-descriptor":{pattern:/\B&\d\b/,alias:"important"},operator:{pattern:/\d?<>|>\||\+=|=[=~]?|!=?|<<[<-]?|[&\d]?>>|\d[<>]&?|[<>][&=]?|&[>&]?|\|[&|]?/,inside:{"file-descriptor":{pattern:/^\d/,alias:"important"}}},punctuation:/\$?\(\(?|\)\)?|\.\.|[{}[\];\\]/,number:{pattern:/(^|\s)(?:[1-9]\d*|0)(?:[.,]\d+)?\b/,lookbehind:!0}},n.inside=e.languages.bash;for(var a=["comment","function-name","for-or-select","assign-left","string","environment","function","keyword","builtin","boolean","file-descriptor","operator","punctuation","number"],o=r.variable[1].inside,i=0;i]=?|[!=]=?=?|--?|\+\+?|&&?|\|\|?|[?*/~^%]/,punctuation:/[{}[\];(),.:]/},a.languages.c=a.languages.extend("clike",{comment:{pattern:/\/\/(?:[^\r\n\\]|\\(?:\r\n?|\n|(?![\r\n])))*|\/\*[\s\S]*?(?:\*\/|$)/,greedy:!0},string:{pattern:/"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"/,greedy:!0},"class-name":{pattern:/(\b(?:enum|struct)\s+(?:__attribute__\s*\(\([\s\S]*?\)\)\s*)?)\w+|\b[a-z]\w*_t\b/,lookbehind:!0},keyword:/\b(?:_Alignas|_Alignof|_Atomic|_Bool|_Complex|_Generic|_Imaginary|_Noreturn|_Static_assert|_Thread_local|__attribute__|asm|auto|break|case|char|const|continue|default|do|double|else|enum|extern|float|for|goto|if|inline|int|long|register|return|short|signed|sizeof|static|struct|switch|typedef|typeof|union|unsigned|void|volatile|while)\b/,function:/\b[a-z_]\w*(?=\s*\()/i,number:/(?:\b0x(?:[\da-f]+(?:\.[\da-f]*)?|\.[\da-f]+)(?:p[+-]?\d+)?|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:e[+-]?\d+)?)[ful]{0,4}/i,operator:/>>=?|<<=?|->|([-+&|:])\1|[?:~]|[-+*/%&|^!=<>]=?/}),a.languages.insertBefore("c","string",{char:{pattern:/'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n]){0,32}'/,greedy:!0}}),a.languages.insertBefore("c","string",{macro:{pattern:/(^[\t ]*)#\s*[a-z](?:[^\r\n\\/]|\/(?!\*)|\/\*(?:[^*]|\*(?!\/))*\*\/|\\(?:\r\n|[\s\S]))*/im,lookbehind:!0,greedy:!0,alias:"property",inside:{string:[{pattern:/^(#\s*include\s*)<[^>]+>/,lookbehind:!0},a.languages.c.string],char:a.languages.c.char,comment:a.languages.c.comment,"macro-name":[{pattern:/(^#\s*define\s+)\w+\b(?!\()/i,lookbehind:!0},{pattern:/(^#\s*define\s+)\w+\b(?=\()/i,lookbehind:!0,alias:"function"}],directive:{pattern:/^(#\s*)[a-z]+/,lookbehind:!0,alias:"keyword"},"directive-hash":/^#/,punctuation:/##|\\(?=[\r\n])/,expression:{pattern:/\S[\s\S]*/,inside:a.languages.c}}}}),a.languages.insertBefore("c","function",{constant:/\b(?:EOF|NULL|SEEK_CUR|SEEK_END|SEEK_SET|__DATE__|__FILE__|__LINE__|__TIMESTAMP__|__TIME__|__func__|stderr|stdin|stdout)\b/}),delete a.languages.c.boolean,function(e){var t=/\b(?:alignas|alignof|asm|auto|bool|break|case|catch|char|char16_t|char32_t|char8_t|class|co_await|co_return|co_yield|compl|concept|const|const_cast|consteval|constexpr|constinit|continue|decltype|default|delete|do|double|dynamic_cast|else|enum|explicit|export|extern|final|float|for|friend|goto|if|import|inline|int|int16_t|int32_t|int64_t|int8_t|long|module|mutable|namespace|new|noexcept|nullptr|operator|override|private|protected|public|register|reinterpret_cast|requires|return|short|signed|sizeof|static|static_assert|static_cast|struct|switch|template|this|thread_local|throw|try|typedef|typeid|typename|uint16_t|uint32_t|uint64_t|uint8_t|union|unsigned|using|virtual|void|volatile|wchar_t|while)\b/,n=/\b(?!)\w+(?:\s*\.\s*\w+)*\b/.source.replace(//g,(function(){return t.source}));e.languages.cpp=e.languages.extend("c",{"class-name":[{pattern:RegExp(/(\b(?:class|concept|enum|struct|typename)\s+)(?!)\w+/.source.replace(//g,(function(){return t.source}))),lookbehind:!0},/\b[A-Z]\w*(?=\s*::\s*\w+\s*\()/,/\b[A-Z_]\w*(?=\s*::\s*~\w+\s*\()/i,/\b\w+(?=\s*<(?:[^<>]|<(?:[^<>]|<[^<>]*>)*>)*>\s*::\s*\w+\s*\()/],keyword:t,number:{pattern:/(?:\b0b[01']+|\b0x(?:[\da-f']+(?:\.[\da-f']*)?|\.[\da-f']+)(?:p[+-]?[\d']+)?|(?:\b[\d']+(?:\.[\d']*)?|\B\.[\d']+)(?:e[+-]?[\d']+)?)[ful]{0,4}/i,greedy:!0},operator:/>>=?|<<=?|->|--|\+\+|&&|\|\||[?:~]|<=>|[-+*/%&|^!=<>]=?|\b(?:and|and_eq|bitand|bitor|not|not_eq|or|or_eq|xor|xor_eq)\b/,boolean:/\b(?:false|true)\b/}),e.languages.insertBefore("cpp","string",{module:{pattern:RegExp(/(\b(?:import|module)\s+)/.source+"(?:"+/"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|<[^<>\r\n]*>/.source+"|"+/(?:\s*:\s*)?|:\s*/.source.replace(//g,(function(){return n}))+")"),lookbehind:!0,greedy:!0,inside:{string:/^[<"][\s\S]+/,operator:/:/,punctuation:/\./}},"raw-string":{pattern:/R"([^()\\ ]{0,16})\([\s\S]*?\)\1"/,alias:"string",greedy:!0}}),e.languages.insertBefore("cpp","keyword",{"generic-function":{pattern:/\b(?!operator\b)[a-z_]\w*\s*<(?:[^<>]|<[^<>]*>)*>(?=\s*\()/i,inside:{function:/^\w+/,generic:{pattern:/<[\s\S]+/,alias:"class-name",inside:e.languages.cpp}}}}),e.languages.insertBefore("cpp","operator",{"double-colon":{pattern:/::/,alias:"punctuation"}}),e.languages.insertBefore("cpp","class-name",{"base-clause":{pattern:/(\b(?:class|struct)\s+\w+\s*:\s*)[^;{}"'\s]+(?:\s+[^;{}"'\s]+)*(?=\s*[;{])/,lookbehind:!0,greedy:!0,inside:e.languages.extend("cpp",{})}}),e.languages.insertBefore("inside","double-colon",{"class-name":/\b[a-z_]\w*\b(?!\s*::)/i},e.languages.cpp["base-clause"])}(a),function(e){var t=/(?:"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"|'(?:\\(?:\r\n|[\s\S])|[^'\\\r\n])*')/;e.languages.css={comment:/\/\*[\s\S]*?\*\//,atrule:{pattern:/@[\w-](?:[^;{\s]|\s+(?![\s{]))*(?:;|(?=\s*\{))/,inside:{rule:/^@[\w-]+/,"selector-function-argument":{pattern:/(\bselector\s*\(\s*(?![\s)]))(?:[^()\s]|\s+(?![\s)])|\((?:[^()]|\([^()]*\))*\))+(?=\s*\))/,lookbehind:!0,alias:"selector"},keyword:{pattern:/(^|[^\w-])(?:and|not|only|or)(?![\w-])/,lookbehind:!0}}},url:{pattern:RegExp("\\burl\\((?:"+t.source+"|"+/(?:[^\\\r\n()"']|\\[\s\S])*/.source+")\\)","i"),greedy:!0,inside:{function:/^url/i,punctuation:/^\(|\)$/,string:{pattern:RegExp("^"+t.source+"$"),alias:"url"}}},selector:{pattern:RegExp("(^|[{}\\s])[^{}\\s](?:[^{};\"'\\s]|\\s+(?![\\s{])|"+t.source+")*(?=\\s*\\{)"),lookbehind:!0},string:{pattern:t,greedy:!0},property:{pattern:/(^|[^-\w\xA0-\uFFFF])(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*(?=\s*:)/i,lookbehind:!0},important:/!important\b/i,function:{pattern:/(^|[^-a-z0-9])[-a-z0-9]+(?=\()/i,lookbehind:!0},punctuation:/[(){};:,]/},e.languages.css.atrule.inside.rest=e.languages.css;var n=e.languages.markup;n&&(n.tag.addInlined("style","css"),n.tag.addAttribute("style","css"))}(a),function(e){var t,n=/("|')(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/;e.languages.css.selector={pattern:e.languages.css.selector.pattern,lookbehind:!0,inside:t={"pseudo-element":/:(?:after|before|first-letter|first-line|selection)|::[-\w]+/,"pseudo-class":/:[-\w]+/,class:/\.[-\w]+/,id:/#[-\w]+/,attribute:{pattern:RegExp("\\[(?:[^[\\]\"']|"+n.source+")*\\]"),greedy:!0,inside:{punctuation:/^\[|\]$/,"case-sensitivity":{pattern:/(\s)[si]$/i,lookbehind:!0,alias:"keyword"},namespace:{pattern:/^(\s*)(?:(?!\s)[-*\w\xA0-\uFFFF])*\|(?!=)/,lookbehind:!0,inside:{punctuation:/\|$/}},"attr-name":{pattern:/^(\s*)(?:(?!\s)[-\w\xA0-\uFFFF])+/,lookbehind:!0},"attr-value":[n,{pattern:/(=\s*)(?:(?!\s)[-\w\xA0-\uFFFF])+(?=\s*$)/,lookbehind:!0}],operator:/[|~*^$]?=/}},"n-th":[{pattern:/(\(\s*)[+-]?\d*[\dn](?:\s*[+-]\s*\d+)?(?=\s*\))/,lookbehind:!0,inside:{number:/[\dn]+/,operator:/[+-]/}},{pattern:/(\(\s*)(?:even|odd)(?=\s*\))/i,lookbehind:!0}],combinator:/>|\+|~|\|\|/,punctuation:/[(),]/}},e.languages.css.atrule.inside["selector-function-argument"].inside=t,e.languages.insertBefore("css","property",{variable:{pattern:/(^|[^-\w\xA0-\uFFFF])--(?!\s)[-_a-z\xA0-\uFFFF](?:(?!\s)[-\w\xA0-\uFFFF])*/i,lookbehind:!0}});var r={pattern:/(\b\d+)(?:%|[a-z]+(?![\w-]))/,lookbehind:!0},a={pattern:/(^|[^\w.-])-?(?:\d+(?:\.\d+)?|\.\d+)/,lookbehind:!0};e.languages.insertBefore("css","function",{operator:{pattern:/(\s)[+\-*\/](?=\s)/,lookbehind:!0},hexcode:{pattern:/\B#[\da-f]{3,8}\b/i,alias:"color"},color:[{pattern:/(^|[^\w-])(?:AliceBlue|AntiqueWhite|Aqua|Aquamarine|Azure|Beige|Bisque|Black|BlanchedAlmond|Blue|BlueViolet|Brown|BurlyWood|CadetBlue|Chartreuse|Chocolate|Coral|CornflowerBlue|Cornsilk|Crimson|Cyan|DarkBlue|DarkCyan|DarkGoldenRod|DarkGr[ae]y|DarkGreen|DarkKhaki|DarkMagenta|DarkOliveGreen|DarkOrange|DarkOrchid|DarkRed|DarkSalmon|DarkSeaGreen|DarkSlateBlue|DarkSlateGr[ae]y|DarkTurquoise|DarkViolet|DeepPink|DeepSkyBlue|DimGr[ae]y|DodgerBlue|FireBrick|FloralWhite|ForestGreen|Fuchsia|Gainsboro|GhostWhite|Gold|GoldenRod|Gr[ae]y|Green|GreenYellow|HoneyDew|HotPink|IndianRed|Indigo|Ivory|Khaki|Lavender|LavenderBlush|LawnGreen|LemonChiffon|LightBlue|LightCoral|LightCyan|LightGoldenRodYellow|LightGr[ae]y|LightGreen|LightPink|LightSalmon|LightSeaGreen|LightSkyBlue|LightSlateGr[ae]y|LightSteelBlue|LightYellow|Lime|LimeGreen|Linen|Magenta|Maroon|MediumAquaMarine|MediumBlue|MediumOrchid|MediumPurple|MediumSeaGreen|MediumSlateBlue|MediumSpringGreen|MediumTurquoise|MediumVioletRed|MidnightBlue|MintCream|MistyRose|Moccasin|NavajoWhite|Navy|OldLace|Olive|OliveDrab|Orange|OrangeRed|Orchid|PaleGoldenRod|PaleGreen|PaleTurquoise|PaleVioletRed|PapayaWhip|PeachPuff|Peru|Pink|Plum|PowderBlue|Purple|Red|RosyBrown|RoyalBlue|SaddleBrown|Salmon|SandyBrown|SeaGreen|SeaShell|Sienna|Silver|SkyBlue|SlateBlue|SlateGr[ae]y|Snow|SpringGreen|SteelBlue|Tan|Teal|Thistle|Tomato|Transparent|Turquoise|Violet|Wheat|White|WhiteSmoke|Yellow|YellowGreen)(?![\w-])/i,lookbehind:!0},{pattern:/\b(?:hsl|rgb)\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*\)\B|\b(?:hsl|rgb)a\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*,\s*(?:0|0?\.\d+|1)\s*\)\B/i,inside:{unit:r,number:a,function:/[\w-]+(?=\()/,punctuation:/[(),]/}}],entity:/\\[\da-f]{1,8}/i,unit:r,number:a})}(a),a.languages.javascript=a.languages.extend("clike",{"class-name":[a.languages.clike["class-name"],{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$A-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\.(?:constructor|prototype))/,lookbehind:!0}],keyword:[{pattern:/((?:^|\})\s*)catch\b/,lookbehind:!0},{pattern:/(^|[^.]|\.\.\.\s*)\b(?:as|assert(?=\s*\{)|async(?=\s*(?:function\b|\(|[$\w\xA0-\uFFFF]|$))|await|break|case|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally(?=\s*(?:\{|$))|for|from(?=\s*(?:['"]|$))|function|(?:get|set)(?=\s*(?:[#\[$\w\xA0-\uFFFF]|$))|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)\b/,lookbehind:!0}],function:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*(?:\.\s*(?:apply|bind|call)\s*)?\()/,number:{pattern:RegExp(/(^|[^\w$])/.source+"(?:"+/NaN|Infinity/.source+"|"+/0[bB][01]+(?:_[01]+)*n?/.source+"|"+/0[oO][0-7]+(?:_[0-7]+)*n?/.source+"|"+/0[xX][\dA-Fa-f]+(?:_[\dA-Fa-f]+)*n?/.source+"|"+/\d+(?:_\d+)*n/.source+"|"+/(?:\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\.\d+(?:_\d+)*)(?:[Ee][+-]?\d+(?:_\d+)*)?/.source+")"+/(?![\w$])/.source),lookbehind:!0},operator:/--|\+\+|\*\*=?|=>|&&=?|\|\|=?|[!=]==|<<=?|>>>?=?|[-+*/%&|^!=<>]=?|\.{3}|\?\?=?|\?\.?|[~:]/}),a.languages.javascript["class-name"][0].pattern=/(\b(?:class|extends|implements|instanceof|interface|new)\s+)[\w.\\]+/,a.languages.insertBefore("javascript","keyword",{regex:{pattern:/((?:^|[^$\w\xA0-\uFFFF."'\])\s]|\b(?:return|yield))\s*)\/(?:\[(?:[^\]\\\r\n]|\\.)*\]|\\.|[^/\\\[\r\n])+\/[dgimyus]{0,7}(?=(?:\s|\/\*(?:[^*]|\*(?!\/))*\*\/)*(?:$|[\r\n,.;:})\]]|\/\/))/,lookbehind:!0,greedy:!0,inside:{"regex-source":{pattern:/^(\/)[\s\S]+(?=\/[a-z]*$)/,lookbehind:!0,alias:"language-regex",inside:a.languages.regex},"regex-delimiter":/^\/|\/$/,"regex-flags":/^[a-z]+$/}},"function-variable":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*[=:]\s*(?:async\s*)?(?:\bfunction\b|(?:\((?:[^()]|\([^()]*\))*\)|(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)\s*=>))/,alias:"function"},parameter:[{pattern:/(function(?:\s+(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*)?\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\))/,lookbehind:!0,inside:a.languages.javascript},{pattern:/(^|[^$\w\xA0-\uFFFF])(?!\s)[_$a-z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*=>)/i,lookbehind:!0,inside:a.languages.javascript},{pattern:/(\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*=>)/,lookbehind:!0,inside:a.languages.javascript},{pattern:/((?:\b|\s|^)(?!(?:as|async|await|break|case|catch|class|const|continue|debugger|default|delete|do|else|enum|export|extends|finally|for|from|function|get|if|implements|import|in|instanceof|interface|let|new|null|of|package|private|protected|public|return|set|static|super|switch|this|throw|try|typeof|undefined|var|void|while|with|yield)(?![$\w\xA0-\uFFFF]))(?:(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*)\(\s*|\]\s*\(\s*)(?!\s)(?:[^()\s]|\s+(?![\s)])|\([^()]*\))+(?=\s*\)\s*\{)/,lookbehind:!0,inside:a.languages.javascript}],constant:/\b[A-Z](?:[A-Z_]|\dx?)*\b/}),a.languages.insertBefore("javascript","string",{hashbang:{pattern:/^#!.*/,greedy:!0,alias:"comment"},"template-string":{pattern:/`(?:\\[\s\S]|\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}|(?!\$\{)[^\\`])*`/,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},interpolation:{pattern:/((?:^|[^\\])(?:\\{2})*)\$\{(?:[^{}]|\{(?:[^{}]|\{[^}]*\})*\})+\}/,lookbehind:!0,inside:{"interpolation-punctuation":{pattern:/^\$\{|\}$/,alias:"punctuation"},rest:a.languages.javascript}},string:/[\s\S]+/}},"string-property":{pattern:/((?:^|[,{])[ \t]*)(["'])(?:\\(?:\r\n|[\s\S])|(?!\2)[^\\\r\n])*\2(?=\s*:)/m,lookbehind:!0,greedy:!0,alias:"property"}}),a.languages.insertBefore("javascript","operator",{"literal-property":{pattern:/((?:^|[,{])[ \t]*)(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*(?=\s*:)/m,lookbehind:!0,alias:"property"}}),a.languages.markup&&(a.languages.markup.tag.addInlined("script","javascript"),a.languages.markup.tag.addAttribute(/on(?:abort|blur|change|click|composition(?:end|start|update)|dblclick|error|focus(?:in|out)?|key(?:down|up)|load|mouse(?:down|enter|leave|move|out|over|up)|reset|resize|scroll|select|slotchange|submit|unload|wheel)/.source,"javascript")),a.languages.js=a.languages.javascript,function(e){var t=/#(?!\{).+/,n={pattern:/#\{[^}]+\}/,alias:"variable"};e.languages.coffeescript=e.languages.extend("javascript",{comment:t,string:[{pattern:/'(?:\\[\s\S]|[^\\'])*'/,greedy:!0},{pattern:/"(?:\\[\s\S]|[^\\"])*"/,greedy:!0,inside:{interpolation:n}}],keyword:/\b(?:and|break|by|catch|class|continue|debugger|delete|do|each|else|extend|extends|false|finally|for|if|in|instanceof|is|isnt|let|loop|namespace|new|no|not|null|of|off|on|or|own|return|super|switch|then|this|throw|true|try|typeof|undefined|unless|until|when|while|window|with|yes|yield)\b/,"class-member":{pattern:/@(?!\d)\w+/,alias:"variable"}}),e.languages.insertBefore("coffeescript","comment",{"multiline-comment":{pattern:/###[\s\S]+?###/,alias:"comment"},"block-regex":{pattern:/\/{3}[\s\S]*?\/{3}/,alias:"regex",inside:{comment:t,interpolation:n}}}),e.languages.insertBefore("coffeescript","string",{"inline-javascript":{pattern:/`(?:\\[\s\S]|[^\\`])*`/,inside:{delimiter:{pattern:/^`|`$/,alias:"punctuation"},script:{pattern:/[\s\S]+/,alias:"language-javascript",inside:e.languages.javascript}}},"multiline-string":[{pattern:/'''[\s\S]*?'''/,greedy:!0,alias:"string"},{pattern:/"""[\s\S]*?"""/,greedy:!0,alias:"string",inside:{interpolation:n}}]}),e.languages.insertBefore("coffeescript","keyword",{property:/(?!\d)\w+(?=\s*:(?!:))/}),delete e.languages.coffeescript["template-string"],e.languages.coffee=e.languages.coffeescript}(a),function(e){var t=/[*&][^\s[\]{},]+/,n=/!(?:<[\w\-%#;/?:@&=+$,.!~*'()[\]]+>|(?:[a-zA-Z\d-]*!)?[\w\-%#;/?:@&=+$.~*'()]+)?/,r="(?:"+n.source+"(?:[ \t]+"+t.source+")?|"+t.source+"(?:[ \t]+"+n.source+")?)",a=/(?:[^\s\x00-\x08\x0e-\x1f!"#%&'*,\-:>?@[\]`{|}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]|[?:-])(?:[ \t]*(?:(?![#:])|:))*/.source.replace(//g,(function(){return/[^\s\x00-\x08\x0e-\x1f,[\]{}\x7f-\x84\x86-\x9f\ud800-\udfff\ufffe\uffff]/.source})),o=/"(?:[^"\\\r\n]|\\.)*"|'(?:[^'\\\r\n]|\\.)*'/.source;function i(e,t){t=(t||"").replace(/m/g,"")+"m";var n=/([:\-,[{]\s*(?:\s<>[ \t]+)?)(?:<>)(?=[ \t]*(?:$|,|\]|\}|(?:[\r\n]\s*)?#))/.source.replace(/<>/g,(function(){return r})).replace(/<>/g,(function(){return e}));return RegExp(n,t)}e.languages.yaml={scalar:{pattern:RegExp(/([\-:]\s*(?:\s<>[ \t]+)?[|>])[ \t]*(?:((?:\r?\n|\r)[ \t]+)\S[^\r\n]*(?:\2[^\r\n]+)*)/.source.replace(/<>/g,(function(){return r}))),lookbehind:!0,alias:"string"},comment:/#.*/,key:{pattern:RegExp(/((?:^|[:\-,[{\r\n?])[ \t]*(?:<>[ \t]+)?)<>(?=\s*:\s)/.source.replace(/<>/g,(function(){return r})).replace(/<>/g,(function(){return"(?:"+a+"|"+o+")"}))),lookbehind:!0,greedy:!0,alias:"atrule"},directive:{pattern:/(^[ \t]*)%.+/m,lookbehind:!0,alias:"important"},datetime:{pattern:i(/\d{4}-\d\d?-\d\d?(?:[tT]|[ \t]+)\d\d?:\d{2}:\d{2}(?:\.\d*)?(?:[ \t]*(?:Z|[-+]\d\d?(?::\d{2})?))?|\d{4}-\d{2}-\d{2}|\d\d?:\d{2}(?::\d{2}(?:\.\d*)?)?/.source),lookbehind:!0,alias:"number"},boolean:{pattern:i(/false|true/.source,"i"),lookbehind:!0,alias:"important"},null:{pattern:i(/null|~/.source,"i"),lookbehind:!0,alias:"important"},string:{pattern:i(o),lookbehind:!0,greedy:!0},number:{pattern:i(/[+-]?(?:0x[\da-f]+|0o[0-7]+|(?:\d+(?:\.\d*)?|\.\d+)(?:e[+-]?\d+)?|\.inf|\.nan)/.source,"i"),lookbehind:!0},tag:n,important:t,punctuation:/---|[:[\]{}\-,|>?]|\.\.\./},e.languages.yml=e.languages.yaml}(a),function(e){var t=/(?:\\.|[^\\\n\r]|(?:\n|\r\n?)(?![\r\n]))/.source;function n(e){return e=e.replace(//g,(function(){return t})),RegExp(/((?:^|[^\\])(?:\\{2})*)/.source+"(?:"+e+")")}var r=/(?:\\.|``(?:[^`\r\n]|`(?!`))+``|`[^`\r\n]+`|[^\\|\r\n`])+/.source,a=/\|?__(?:\|__)+\|?(?:(?:\n|\r\n?)|(?![\s\S]))/.source.replace(/__/g,(function(){return r})),o=/\|?[ \t]*:?-{3,}:?[ \t]*(?:\|[ \t]*:?-{3,}:?[ \t]*)+\|?(?:\n|\r\n?)/.source;e.languages.markdown=e.languages.extend("markup",{}),e.languages.insertBefore("markdown","prolog",{"front-matter-block":{pattern:/(^(?:\s*[\r\n])?)---(?!.)[\s\S]*?[\r\n]---(?!.)/,lookbehind:!0,greedy:!0,inside:{punctuation:/^---|---$/,"front-matter":{pattern:/\S+(?:\s+\S+)*/,alias:["yaml","language-yaml"],inside:e.languages.yaml}}},blockquote:{pattern:/^>(?:[\t ]*>)*/m,alias:"punctuation"},table:{pattern:RegExp("^"+a+o+"(?:"+a+")*","m"),inside:{"table-data-rows":{pattern:RegExp("^("+a+o+")(?:"+a+")*$"),lookbehind:!0,inside:{"table-data":{pattern:RegExp(r),inside:e.languages.markdown},punctuation:/\|/}},"table-line":{pattern:RegExp("^("+a+")"+o+"$"),lookbehind:!0,inside:{punctuation:/\||:?-{3,}:?/}},"table-header-row":{pattern:RegExp("^"+a+"$"),inside:{"table-header":{pattern:RegExp(r),alias:"important",inside:e.languages.markdown},punctuation:/\|/}}}},code:[{pattern:/((?:^|\n)[ \t]*\n|(?:^|\r\n?)[ \t]*\r\n?)(?: {4}|\t).+(?:(?:\n|\r\n?)(?: {4}|\t).+)*/,lookbehind:!0,alias:"keyword"},{pattern:/^```[\s\S]*?^```$/m,greedy:!0,inside:{"code-block":{pattern:/^(```.*(?:\n|\r\n?))[\s\S]+?(?=(?:\n|\r\n?)^```$)/m,lookbehind:!0},"code-language":{pattern:/^(```).+/,lookbehind:!0},punctuation:/```/}}],title:[{pattern:/\S.*(?:\n|\r\n?)(?:==+|--+)(?=[ \t]*$)/m,alias:"important",inside:{punctuation:/==+$|--+$/}},{pattern:/(^\s*)#.+/m,lookbehind:!0,alias:"important",inside:{punctuation:/^#+|#+$/}}],hr:{pattern:/(^\s*)([*-])(?:[\t ]*\2){2,}(?=\s*$)/m,lookbehind:!0,alias:"punctuation"},list:{pattern:/(^\s*)(?:[*+-]|\d+\.)(?=[\t ].)/m,lookbehind:!0,alias:"punctuation"},"url-reference":{pattern:/!?\[[^\]]+\]:[\t ]+(?:\S+|<(?:\\.|[^>\\])+>)(?:[\t ]+(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\)))?/,inside:{variable:{pattern:/^(!?\[)[^\]]+/,lookbehind:!0},string:/(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\((?:\\.|[^)\\])*\))$/,punctuation:/^[\[\]!:]|[<>]/},alias:"url"},bold:{pattern:n(/\b__(?:(?!_)|_(?:(?!_))+_)+__\b|\*\*(?:(?!\*)|\*(?:(?!\*))+\*)+\*\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^..)[\s\S]+(?=..$)/,lookbehind:!0,inside:{}},punctuation:/\*\*|__/}},italic:{pattern:n(/\b_(?:(?!_)|__(?:(?!_))+__)+_\b|\*(?:(?!\*)|\*\*(?:(?!\*))+\*\*)+\*/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^.)[\s\S]+(?=.$)/,lookbehind:!0,inside:{}},punctuation:/[*_]/}},strike:{pattern:n(/(~~?)(?:(?!~))+\2/.source),lookbehind:!0,greedy:!0,inside:{content:{pattern:/(^~~?)[\s\S]+(?=\1$)/,lookbehind:!0,inside:{}},punctuation:/~~?/}},"code-snippet":{pattern:/(^|[^\\`])(?:``[^`\r\n]+(?:`[^`\r\n]+)*``(?!`)|`[^`\r\n]+`(?!`))/,lookbehind:!0,greedy:!0,alias:["code","keyword"]},url:{pattern:n(/!?\[(?:(?!\]))+\](?:\([^\s)]+(?:[\t ]+"(?:\\.|[^"\\])*")?\)|[ \t]?\[(?:(?!\]))+\])/.source),lookbehind:!0,greedy:!0,inside:{operator:/^!/,content:{pattern:/(^\[)[^\]]+(?=\])/,lookbehind:!0,inside:{}},variable:{pattern:/(^\][ \t]?\[)[^\]]+(?=\]$)/,lookbehind:!0},url:{pattern:/(^\]\()[^\s)]+/,lookbehind:!0},string:{pattern:/(^[ \t]+)"(?:\\.|[^"\\])*"(?=\)$)/,lookbehind:!0}}}}),["url","bold","italic","strike"].forEach((function(t){["url","bold","italic","strike","code-snippet"].forEach((function(n){t!==n&&(e.languages.markdown[t].inside.content.inside[n]=e.languages.markdown[n])}))})),e.hooks.add("after-tokenize",(function(e){"markdown"!==e.language&&"md"!==e.language||function e(t){if(t&&"string"!=typeof t)for(var n=0,r=t.length;n",quot:'"'},s=String.fromCodePoint||String.fromCharCode;e.languages.md=e.languages.markdown}(a),a.languages.graphql={comment:/#.*/,description:{pattern:/(?:"""(?:[^"]|(?!""")")*"""|"(?:\\.|[^\\"\r\n])*")(?=\s*[a-z_])/i,greedy:!0,alias:"string",inside:{"language-markdown":{pattern:/(^"(?:"")?)(?!\1)[\s\S]+(?=\1$)/,lookbehind:!0,inside:a.languages.markdown}}},string:{pattern:/"""(?:[^"]|(?!""")")*"""|"(?:\\.|[^\\"\r\n])*"/,greedy:!0},number:/(?:\B-|\b)\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,boolean:/\b(?:false|true)\b/,variable:/\$[a-z_]\w*/i,directive:{pattern:/@[a-z_]\w*/i,alias:"function"},"attr-name":{pattern:/\b[a-z_]\w*(?=\s*(?:\((?:[^()"]|"(?:\\.|[^\\"\r\n])*")*\))?:)/i,greedy:!0},"atom-input":{pattern:/\b[A-Z]\w*Input\b/,alias:"class-name"},scalar:/\b(?:Boolean|Float|ID|Int|String)\b/,constant:/\b[A-Z][A-Z_\d]*\b/,"class-name":{pattern:/(\b(?:enum|implements|interface|on|scalar|type|union)\s+|&\s*|:\s*|\[)[A-Z_]\w*/,lookbehind:!0},fragment:{pattern:/(\bfragment\s+|\.{3}\s*(?!on\b))[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},"definition-mutation":{pattern:/(\bmutation\s+)[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},"definition-query":{pattern:/(\bquery\s+)[a-zA-Z_]\w*/,lookbehind:!0,alias:"function"},keyword:/\b(?:directive|enum|extend|fragment|implements|input|interface|mutation|on|query|repeatable|scalar|schema|subscription|type|union)\b/,operator:/[!=|&]|\.{3}/,"property-query":/\w+(?=\s*\()/,object:/\w+(?=\s*\{)/,punctuation:/[!(){}\[\]:=,]/,property:/\w+/},a.hooks.add("after-tokenize",(function(e){if("graphql"===e.language)for(var t=e.tokens.filter((function(e){return"string"!=typeof e&&"comment"!==e.type&&"scalar"!==e.type})),n=0;n0)){var l=f(/^\{$/,/^\}$/);if(-1===l)continue;for(var s=n;s=0&&p(c,"variable-input")}}}}function u(e){return t[n+e]}function d(e,t){t=t||0;for(var n=0;n?|<|>)?|>[>=]?|\b(?:AND|BETWEEN|DIV|ILIKE|IN|IS|LIKE|NOT|OR|REGEXP|RLIKE|SOUNDS LIKE|XOR)\b/i,punctuation:/[;[\]()`,.]/},function(e){var t=e.languages.javascript["template-string"],n=t.pattern.source,r=t.inside.interpolation,a=r.inside["interpolation-punctuation"],o=r.pattern.source;function i(t,r){if(e.languages[t])return{pattern:RegExp("((?:"+r+")\\s*)"+n),lookbehind:!0,greedy:!0,inside:{"template-punctuation":{pattern:/^`|`$/,alias:"string"},"embedded-code":{pattern:/[\s\S]+/,alias:t}}}}function l(e,t){return"___"+t.toUpperCase()+"_"+e+"___"}function s(t,n,r){var a={code:t,grammar:n,language:r};return e.hooks.run("before-tokenize",a),a.tokens=e.tokenize(a.code,a.grammar),e.hooks.run("after-tokenize",a),a.tokens}function c(t){var n={};n["interpolation-punctuation"]=a;var o=e.tokenize(t,n);if(3===o.length){var i=[1,1];i.push.apply(i,s(o[1],e.languages.javascript,"javascript")),o.splice.apply(o,i)}return new e.Token("interpolation",o,r.alias,t)}function u(t,n,r){var a=e.tokenize(t,{interpolation:{pattern:RegExp(o),lookbehind:!0}}),i=0,u={},d=s(a.map((function(e){if("string"==typeof e)return e;for(var n,a=e.content;-1!==t.indexOf(n=l(i++,r)););return u[n]=a,n})).join(""),n,r),f=Object.keys(u);return i=0,function e(t){for(var n=0;n=f.length)return;var r=t[n];if("string"==typeof r||"string"==typeof r.content){var a=f[i],o="string"==typeof r?r:r.content,l=o.indexOf(a);if(-1!==l){++i;var s=o.substring(0,l),d=c(u[a]),p=o.substring(l+a.length),m=[];if(s&&m.push(s),m.push(d),p){var h=[p];e(h),m.push.apply(m,h)}"string"==typeof r?(t.splice.apply(t,[n,1].concat(m)),n+=m.length-1):r.content=m}}else{var g=r.content;Array.isArray(g)?e(g):e([g])}}}(d),new e.Token(r,d,"language-"+r,t)}e.languages.javascript["template-string"]=[i("css",/\b(?:styled(?:\([^)]*\))?(?:\s*\.\s*\w+(?:\([^)]*\))*)*|css(?:\s*\.\s*(?:global|resolve))?|createGlobalStyle|keyframes)/.source),i("html",/\bhtml|\.\s*(?:inner|outer)HTML\s*\+?=/.source),i("svg",/\bsvg/.source),i("markdown",/\b(?:markdown|md)/.source),i("graphql",/\b(?:gql|graphql(?:\s*\.\s*experimental)?)/.source),i("sql",/\bsql/.source),t].filter(Boolean);var d={javascript:!0,js:!0,typescript:!0,ts:!0,jsx:!0,tsx:!0};function f(e){return"string"==typeof e?e:Array.isArray(e)?e.map(f).join(""):f(e.content)}e.hooks.add("after-tokenize",(function(t){t.language in d&&function t(n){for(var r=0,a=n.length;r]|<(?:[^<>]|<[^<>]*>)*>)*>)?/,lookbehind:!0,greedy:!0,inside:null},builtin:/\b(?:Array|Function|Promise|any|boolean|console|never|number|string|symbol|unknown)\b/}),e.languages.typescript.keyword.push(/\b(?:abstract|declare|is|keyof|readonly|require)\b/,/\b(?:asserts|infer|interface|module|namespace|type)\b(?=\s*(?:[{_$a-zA-Z\xA0-\uFFFF]|$))/,/\btype\b(?=\s*(?:[\{*]|$))/),delete e.languages.typescript.parameter,delete e.languages.typescript["literal-property"];var t=e.languages.extend("typescript",{});delete t["class-name"],e.languages.typescript["class-name"].inside=t,e.languages.insertBefore("typescript","function",{decorator:{pattern:/@[$\w\xA0-\uFFFF]+/,inside:{at:{pattern:/^@/,alias:"operator"},function:/^[\s\S]+/}},"generic-function":{pattern:/#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*\s*<(?:[^<>]|<(?:[^<>]|<[^<>]*>)*>)*>(?=\s*\()/,greedy:!0,inside:{function:/^#?(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*/,generic:{pattern:/<[\s\S]+/,alias:"class-name",inside:t}}}}),e.languages.ts=e.languages.typescript}(a),function(e){function t(e,t){return RegExp(e.replace(//g,(function(){return/(?!\s)[_$a-zA-Z\xA0-\uFFFF](?:(?!\s)[$\w\xA0-\uFFFF])*/.source})),t)}e.languages.insertBefore("javascript","function-variable",{"method-variable":{pattern:RegExp("(\\.\\s*)"+e.languages.javascript["function-variable"].pattern.source),lookbehind:!0,alias:["function-variable","method","function","property-access"]}}),e.languages.insertBefore("javascript","function",{method:{pattern:RegExp("(\\.\\s*)"+e.languages.javascript.function.source),lookbehind:!0,alias:["function","property-access"]}}),e.languages.insertBefore("javascript","constant",{"known-class-name":[{pattern:/\b(?:(?:Float(?:32|64)|(?:Int|Uint)(?:8|16|32)|Uint8Clamped)?Array|ArrayBuffer|BigInt|Boolean|DataView|Date|Error|Function|Intl|JSON|(?:Weak)?(?:Map|Set)|Math|Number|Object|Promise|Proxy|Reflect|RegExp|String|Symbol|WebAssembly)\b/,alias:"class-name"},{pattern:/\b(?:[A-Z]\w*)Error\b/,alias:"class-name"}]}),e.languages.insertBefore("javascript","keyword",{imports:{pattern:t(/(\bimport\b\s*)(?:(?:\s*,\s*(?:\*\s*as\s+|\{[^{}]*\}))?|\*\s*as\s+|\{[^{}]*\})(?=\s*\bfrom\b)/.source),lookbehind:!0,inside:e.languages.javascript},exports:{pattern:t(/(\bexport\b\s*)(?:\*(?:\s*as\s+)?(?=\s*\bfrom\b)|\{[^{}]*\})/.source),lookbehind:!0,inside:e.languages.javascript}}),e.languages.javascript.keyword.unshift({pattern:/\b(?:as|default|export|from|import)\b/,alias:"module"},{pattern:/\b(?:await|break|catch|continue|do|else|finally|for|if|return|switch|throw|try|while|yield)\b/,alias:"control-flow"},{pattern:/\bnull\b/,alias:["null","nil"]},{pattern:/\bundefined\b/,alias:"nil"}),e.languages.insertBefore("javascript","operator",{spread:{pattern:/\.{3}/,alias:"operator"},arrow:{pattern:/=>/,alias:"operator"}}),e.languages.insertBefore("javascript","punctuation",{"property-access":{pattern:t(/(\.\s*)#?/.source),lookbehind:!0},"maybe-class-name":{pattern:/(^|[^$\w\xA0-\uFFFF])[A-Z][$\w\xA0-\uFFFF]+/,lookbehind:!0},dom:{pattern:/\b(?:document|(?:local|session)Storage|location|navigator|performance|window)\b/,alias:"variable"},console:{pattern:/\bconsole(?=\s*\.)/,alias:"class-name"}});for(var n=["function","function-variable","method","method-variable","property-access"],r=0;r*\.{3}(?:[^{}]|)*\})/.source;function o(e,t){return e=e.replace(//g,(function(){return n})).replace(//g,(function(){return r})).replace(//g,(function(){return a})),RegExp(e,t)}a=o(a).source,e.languages.jsx=e.languages.extend("markup",t),e.languages.jsx.tag.pattern=o(/<\/?(?:[\w.:-]+(?:+(?:[\w.:$-]+(?:=(?:"(?:\\[\s\S]|[^\\"])*"|'(?:\\[\s\S]|[^\\'])*'|[^\s{'"/>=]+|))?|))**\/?)?>/.source),e.languages.jsx.tag.inside.tag.pattern=/^<\/?[^\s>\/]*/,e.languages.jsx.tag.inside["attr-value"].pattern=/=(?!\{)(?:"(?:\\[\s\S]|[^\\"])*"|'(?:\\[\s\S]|[^\\'])*'|[^\s'">]+)/,e.languages.jsx.tag.inside.tag.inside["class-name"]=/^[A-Z]\w*(?:\.[A-Z]\w*)*$/,e.languages.jsx.tag.inside.comment=t.comment,e.languages.insertBefore("inside","attr-name",{spread:{pattern:o(//.source),inside:e.languages.jsx}},e.languages.jsx.tag),e.languages.insertBefore("inside","special-attr",{script:{pattern:o(/=/.source),alias:"language-javascript",inside:{"script-punctuation":{pattern:/^=(?=\{)/,alias:"punctuation"},rest:e.languages.jsx}}},e.languages.jsx.tag);var i=function(e){return e?"string"==typeof e?e:"string"==typeof e.content?e.content:e.content.map(i).join(""):""},l=function(t){for(var n=[],r=0;r0&&n[n.length-1].tagName===i(a.content[0].content[1])&&n.pop():"/>"===a.content[a.content.length-1].content||n.push({tagName:i(a.content[0].content[1]),openedBraces:0}):n.length>0&&"punctuation"===a.type&&"{"===a.content?n[n.length-1].openedBraces++:n.length>0&&n[n.length-1].openedBraces>0&&"punctuation"===a.type&&"}"===a.content?n[n.length-1].openedBraces--:o=!0),(o||"string"==typeof a)&&n.length>0&&0===n[n.length-1].openedBraces){var s=i(a);r0&&("string"==typeof t[r-1]||"plain-text"===t[r-1].type)&&(s=i(t[r-1])+s,t.splice(r-1,1),r--),t[r]=new e.Token("plain-text",s,null,s)}a.content&&"string"!=typeof a.content&&l(a.content)}};e.hooks.add("after-tokenize",(function(e){"jsx"!==e.language&&"tsx"!==e.language||l(e.tokens)}))}(a),function(e){e.languages.diff={coord:[/^(?:\*{3}|-{3}|\+{3}).*$/m,/^@@.*@@$/m,/^\d.*$/m]};var t={"deleted-sign":"-","deleted-arrow":"<","inserted-sign":"+","inserted-arrow":">",unchanged:" ",diff:"!"};Object.keys(t).forEach((function(n){var r=t[n],a=[];/^\w+$/.test(n)||a.push(/\w+/.exec(n)[0]),"diff"===n&&a.push("bold"),e.languages.diff[n]={pattern:RegExp("^(?:["+r+"].*(?:\r\n?|\n|(?![\\s\\S])))+","m"),alias:a,inside:{line:{pattern:/(.)(?=[\s\S]).*(?:\r\n?|\n)?/,lookbehind:!0},prefix:{pattern:/[\s\S]/,alias:/\w+/.exec(n)[0]}}}})),Object.defineProperty(e.languages.diff,"PREFIXES",{value:t})}(a),a.languages.git={comment:/^#.*/m,deleted:/^[-\u2013].*/m,inserted:/^\+.*/m,string:/("|')(?:\\.|(?!\1)[^\\\r\n])*\1/,command:{pattern:/^.*\$ git .*$/m,inside:{parameter:/\s--?\w+/}},coord:/^@@.*@@$/m,"commit-sha1":/^commit \w{40}$/m},a.languages.go=a.languages.extend("clike",{string:{pattern:/(^|[^\\])"(?:\\.|[^"\\\r\n])*"|`[^`]*`/,lookbehind:!0,greedy:!0},keyword:/\b(?:break|case|chan|const|continue|default|defer|else|fallthrough|for|func|go(?:to)?|if|import|interface|map|package|range|return|select|struct|switch|type|var)\b/,boolean:/\b(?:_|false|iota|nil|true)\b/,number:[/\b0(?:b[01_]+|o[0-7_]+)i?\b/i,/\b0x(?:[a-f\d_]+(?:\.[a-f\d_]*)?|\.[a-f\d_]+)(?:p[+-]?\d+(?:_\d+)*)?i?(?!\w)/i,/(?:\b\d[\d_]*(?:\.[\d_]*)?|\B\.\d[\d_]*)(?:e[+-]?[\d_]+)?i?(?!\w)/i],operator:/[*\/%^!=]=?|\+[=+]?|-[=-]?|\|[=|]?|&(?:=|&|\^=?)?|>(?:>=?|=)?|<(?:<=?|=|-)?|:=|\.\.\./,builtin:/\b(?:append|bool|byte|cap|close|complex|complex(?:64|128)|copy|delete|error|float(?:32|64)|u?int(?:8|16|32|64)?|imag|len|make|new|panic|print(?:ln)?|real|recover|rune|string|uintptr)\b/}),a.languages.insertBefore("go","string",{char:{pattern:/'(?:\\.|[^'\\\r\n]){0,10}'/,greedy:!0}}),delete a.languages.go["class-name"],function(e){function t(e,t){return"___"+e.toUpperCase()+t+"___"}Object.defineProperties(e.languages["markup-templating"]={},{buildPlaceholders:{value:function(n,r,a,o){if(n.language===r){var i=n.tokenStack=[];n.code=n.code.replace(a,(function(e){if("function"==typeof o&&!o(e))return e;for(var a,l=i.length;-1!==n.code.indexOf(a=t(r,l));)++l;return i[l]=e,a})),n.grammar=e.languages.markup}}},tokenizePlaceholders:{value:function(n,r){if(n.language===r&&n.tokenStack){n.grammar=e.languages[r];var a=0,o=Object.keys(n.tokenStack);!function i(l){for(var s=0;s=o.length);s++){var c=l[s];if("string"==typeof c||c.content&&"string"==typeof c.content){var u=o[a],d=n.tokenStack[u],f="string"==typeof c?c:c.content,p=t(r,u),m=f.indexOf(p);if(m>-1){++a;var h=f.substring(0,m),g=new e.Token(r,e.tokenize(d,n.grammar),"language-"+r,d),b=f.substring(m+p.length),v=[];h&&v.push.apply(v,i([h])),v.push(g),b&&v.push.apply(v,i([b])),"string"==typeof c?l.splice.apply(l,[s,1].concat(v)):c.content=v}}else c.content&&i(c.content)}return l}(n.tokens)}}}})}(a),function(e){e.languages.handlebars={comment:/\{\{![\s\S]*?\}\}/,delimiter:{pattern:/^\{\{\{?|\}\}\}?$/,alias:"punctuation"},string:/(["'])(?:\\.|(?!\1)[^\\\r\n])*\1/,number:/\b0x[\dA-Fa-f]+\b|(?:\b\d+(?:\.\d*)?|\B\.\d+)(?:[Ee][+-]?\d+)?/,boolean:/\b(?:false|true)\b/,block:{pattern:/^(\s*(?:~\s*)?)[#\/]\S+?(?=\s*(?:~\s*)?$|\s)/,lookbehind:!0,alias:"keyword"},brackets:{pattern:/\[[^\]]+\]/,inside:{punctuation:/\[|\]/,variable:/[\s\S]+/}},punctuation:/[!"#%&':()*+,.\/;<=>@\[\\\]^`{|}~]/,variable:/[^!"#%&'()*+,\/;<=>@\[\\\]^`{|}~\s]+/},e.hooks.add("before-tokenize",(function(t){e.languages["markup-templating"].buildPlaceholders(t,"handlebars",/\{\{\{[\s\S]+?\}\}\}|\{\{[\s\S]+?\}\}/g)})),e.hooks.add("after-tokenize",(function(t){e.languages["markup-templating"].tokenizePlaceholders(t,"handlebars")})),e.languages.hbs=e.languages.handlebars}(a),a.languages.json={property:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?=\s*:)/,lookbehind:!0,greedy:!0},string:{pattern:/(^|[^\\])"(?:\\.|[^\\"\r\n])*"(?!\s*:)/,lookbehind:!0,greedy:!0},comment:{pattern:/\/\/.*|\/\*[\s\S]*?(?:\*\/|$)/,greedy:!0},number:/-?\b\d+(?:\.\d+)?(?:e[+-]?\d+)?\b/i,punctuation:/[{}[\],]/,operator:/:/,boolean:/\b(?:false|true)\b/,null:{pattern:/\bnull\b/,alias:"keyword"}},a.languages.webmanifest=a.languages.json,a.languages.less=a.languages.extend("css",{comment:[/\/\*[\s\S]*?\*\//,{pattern:/(^|[^\\])\/\/.*/,lookbehind:!0}],atrule:{pattern:/@[\w-](?:\((?:[^(){}]|\([^(){}]*\))*\)|[^(){};\s]|\s+(?!\s))*?(?=\s*\{)/,inside:{punctuation:/[:()]/}},selector:{pattern:/(?:@\{[\w-]+\}|[^{};\s@])(?:@\{[\w-]+\}|\((?:[^(){}]|\([^(){}]*\))*\)|[^(){};@\s]|\s+(?!\s))*?(?=\s*\{)/,inside:{variable:/@+[\w-]+/}},property:/(?:@\{[\w-]+\}|[\w-])+(?:\+_?)?(?=\s*:)/,operator:/[+\-*\/]/}),a.languages.insertBefore("less","property",{variable:[{pattern:/@[\w-]+\s*:/,inside:{punctuation:/:/}},/@@?[\w-]+/],"mixin-usage":{pattern:/([{;]\s*)[.#](?!\d)[\w-].*?(?=[(;])/,lookbehind:!0,alias:"function"}}),a.languages.makefile={comment:{pattern:/(^|[^\\])#(?:\\(?:\r\n|[\s\S])|[^\\\r\n])*/,lookbehind:!0},string:{pattern:/(["'])(?:\\(?:\r\n|[\s\S])|(?!\1)[^\\\r\n])*\1/,greedy:!0},"builtin-target":{pattern:/\.[A-Z][^:#=\s]+(?=\s*:(?!=))/,alias:"builtin"},target:{pattern:/^(?:[^:=\s]|[ \t]+(?![\s:]))+(?=\s*:(?!=))/m,alias:"symbol",inside:{variable:/\$+(?:(?!\$)[^(){}:#=\s]+|(?=[({]))/}},variable:/\$+(?:(?!\$)[^(){}:#=\s]+|\([@*%<^+?][DF]\)|(?=[({]))/,keyword:/-include\b|\b(?:define|else|endef|endif|export|ifn?def|ifn?eq|include|override|private|sinclude|undefine|unexport|vpath)\b/,function:{pattern:/(\()(?:abspath|addsuffix|and|basename|call|dir|error|eval|file|filter(?:-out)?|findstring|firstword|flavor|foreach|guile|if|info|join|lastword|load|notdir|or|origin|patsubst|realpath|shell|sort|strip|subst|suffix|value|warning|wildcard|word(?:list|s)?)(?=[ \t])/,lookbehind:!0},operator:/(?:::|[?:+!])?=|[|@]/,punctuation:/[:;(){}]/},a.languages.objectivec=a.languages.extend("c",{string:{pattern:/@?"(?:\\(?:\r\n|[\s\S])|[^"\\\r\n])*"/,greedy:!0},keyword:/\b(?:asm|auto|break|case|char|const|continue|default|do|double|else|enum|extern|float|for|goto|if|in|inline|int|long|register|return|self|short|signed|sizeof|static|struct|super|switch|typedef|typeof|union|unsigned|void|volatile|while)\b|(?:@interface|@end|@implementation|@protocol|@class|@public|@protected|@private|@property|@try|@catch|@finally|@throw|@synthesize|@dynamic|@selector)\b/,operator:/-[->]?|\+\+?|!=?|<>?=?|==?|&&?|\|\|?|[~^%?*\/@]/}),delete a.languages.objectivec["class-name"],a.languages.objc=a.languages.objectivec,a.languages.ocaml={comment:{pattern:/\(\*[\s\S]*?\*\)/,greedy:!0},char:{pattern:/'(?:[^\\\r\n']|\\(?:.|[ox]?[0-9a-f]{1,3}))'/i,greedy:!0},string:[{pattern:/"(?:\\(?:[\s\S]|\r\n)|[^\\\r\n"])*"/,greedy:!0},{pattern:/\{([a-z_]*)\|[\s\S]*?\|\1\}/,greedy:!0}],number:[/\b(?:0b[01][01_]*|0o[0-7][0-7_]*)\b/i,/\b0x[a-f0-9][a-f0-9_]*(?:\.[a-f0-9_]*)?(?:p[+-]?\d[\d_]*)?(?!\w)/i,/\b\d[\d_]*(?:\.[\d_]*)?(?:e[+-]?\d[\d_]*)?(?!\w)/i],directive:{pattern:/\B#\w+/,alias:"property"},label:{pattern:/\B~\w+/,alias:"property"},"type-variable":{pattern:/\B'\w+/,alias:"function"},variant:{pattern:/`\w+/,alias:"symbol"},keyword:/\b(?:as|assert|begin|class|constraint|do|done|downto|else|end|exception|external|for|fun|function|functor|if|in|include|inherit|initializer|lazy|let|match|method|module|mutable|new|nonrec|object|of|open|private|rec|sig|struct|then|to|try|type|val|value|virtual|when|where|while|with)\b/,boolean:/\b(?:false|true)\b/,"operator-like-punctuation":{pattern:/\[[<>|]|[>|]\]|\{<|>\}/,alias:"punctuation"},operator:/\.[.~]|:[=>]|[=<>@^|&+\-*\/$%!?~][!$%&*+\-.\/:<=>?@^|~]*|\b(?:and|asr|land|lor|lsl|lsr|lxor|mod|or)\b/,punctuation:/;;|::|[(){}\[\].,:;#]|\b_\b/},a.languages.python={comment:{pattern:/(^|[^\\])#.*/,lookbehind:!0,greedy:!0},"string-interpolation":{pattern:/(?:f|fr|rf)(?:("""|''')[\s\S]*?\1|("|')(?:\\.|(?!\2)[^\\\r\n])*\2)/i,greedy:!0,inside:{interpolation:{pattern:/((?:^|[^{])(?:\{\{)*)\{(?!\{)(?:[^{}]|\{(?!\{)(?:[^{}]|\{(?!\{)(?:[^{}])+\})+\})+\}/,lookbehind:!0,inside:{"format-spec":{pattern:/(:)[^:(){}]+(?=\}$)/,lookbehind:!0},"conversion-option":{pattern:/![sra](?=[:}]$)/,alias:"punctuation"},rest:null}},string:/[\s\S]+/}},"triple-quoted-string":{pattern:/(?:[rub]|br|rb)?("""|''')[\s\S]*?\1/i,greedy:!0,alias:"string"},string:{pattern:/(?:[rub]|br|rb)?("|')(?:\\.|(?!\1)[^\\\r\n])*\1/i,greedy:!0},function:{pattern:/((?:^|\s)def[ \t]+)[a-zA-Z_]\w*(?=\s*\()/g,lookbehind:!0},"class-name":{pattern:/(\bclass\s+)\w+/i,lookbehind:!0},decorator:{pattern:/(^[\t ]*)@\w+(?:\.\w+)*/m,lookbehind:!0,alias:["annotation","punctuation"],inside:{punctuation:/\./}},keyword:/\b(?:_(?=\s*:)|and|as|assert|async|await|break|case|class|continue|def|del|elif|else|except|exec|finally|for|from|global|if|import|in|is|lambda|match|nonlocal|not|or|pass|print|raise|return|try|while|with|yield)\b/,builtin:/\b(?:__import__|abs|all|any|apply|ascii|basestring|bin|bool|buffer|bytearray|bytes|callable|chr|classmethod|cmp|coerce|compile|complex|delattr|dict|dir|divmod|enumerate|eval|execfile|file|filter|float|format|frozenset|getattr|globals|hasattr|hash|help|hex|id|input|int|intern|isinstance|issubclass|iter|len|list|locals|long|map|max|memoryview|min|next|object|oct|open|ord|pow|property|range|raw_input|reduce|reload|repr|reversed|round|set|setattr|slice|sorted|staticmethod|str|sum|super|tuple|type|unichr|unicode|vars|xrange|zip)\b/,boolean:/\b(?:False|None|True)\b/,number:/\b0(?:b(?:_?[01])+|o(?:_?[0-7])+|x(?:_?[a-f0-9])+)\b|(?:\b\d+(?:_\d+)*(?:\.(?:\d+(?:_\d+)*)?)?|\B\.\d+(?:_\d+)*)(?:e[+-]?\d+(?:_\d+)*)?j?(?!\w)/i,operator:/[-+%=]=?|!=|:=|\*\*?=?|\/\/?=?|<[<=>]?|>[=>]?|[&|^~]/,punctuation:/[{}[\];(),.:]/},a.languages.python["string-interpolation"].inside.interpolation.inside.rest=a.languages.python,a.languages.py=a.languages.python,a.languages.reason=a.languages.extend("clike",{string:{pattern:/"(?:\\(?:\r\n|[\s\S])|[^\\\r\n"])*"/,greedy:!0},"class-name":/\b[A-Z]\w*/,keyword:/\b(?:and|as|assert|begin|class|constraint|do|done|downto|else|end|exception|external|for|fun|function|functor|if|in|include|inherit|initializer|lazy|let|method|module|mutable|new|nonrec|object|of|open|or|private|rec|sig|struct|switch|then|to|try|type|val|virtual|when|while|with)\b/,operator:/\.{3}|:[:=]|\|>|->|=(?:==?|>)?|<=?|>=?|[|^?'#!~`]|[+\-*\/]\.?|\b(?:asr|land|lor|lsl|lsr|lxor|mod)\b/}),a.languages.insertBefore("reason","class-name",{char:{pattern:/'(?:\\x[\da-f]{2}|\\o[0-3][0-7][0-7]|\\\d{3}|\\.|[^'\\\r\n])'/,greedy:!0},constructor:/\b[A-Z]\w*\b(?!\s*\.)/,label:{pattern:/\b[a-z]\w*(?=::)/,alias:"symbol"}}),delete a.languages.reason.function,function(e){e.languages.sass=e.languages.extend("css",{comment:{pattern:/^([ \t]*)\/[\/*].*(?:(?:\r?\n|\r)\1[ \t].+)*/m,lookbehind:!0,greedy:!0}}),e.languages.insertBefore("sass","atrule",{"atrule-line":{pattern:/^(?:[ \t]*)[@+=].+/m,greedy:!0,inside:{atrule:/(?:@[\w-]+|[+=])/}}}),delete e.languages.sass.atrule;var t=/\$[-\w]+|#\{\$[-\w]+\}/,n=[/[+*\/%]|[=!]=|<=?|>=?|\b(?:and|not|or)\b/,{pattern:/(\s)-(?=\s)/,lookbehind:!0}];e.languages.insertBefore("sass","property",{"variable-line":{pattern:/^[ \t]*\$.+/m,greedy:!0,inside:{punctuation:/:/,variable:t,operator:n}},"property-line":{pattern:/^[ \t]*(?:[^:\s]+ *:.*|:[^:\s].*)/m,greedy:!0,inside:{property:[/[^:\s]+(?=\s*:)/,{pattern:/(:)[^:\s]+/,lookbehind:!0}],punctuation:/:/,variable:t,operator:n,important:e.languages.sass.important}}}),delete e.languages.sass.property,delete e.languages.sass.important,e.languages.insertBefore("sass","punctuation",{selector:{pattern:/^([ \t]*)\S(?:,[^,\r\n]+|[^,\r\n]*)(?:,[^,\r\n]+)*(?:,(?:\r?\n|\r)\1[ \t]+\S(?:,[^,\r\n]+|[^,\r\n]*)(?:,[^,\r\n]+)*)*/m,lookbehind:!0,greedy:!0}})}(a),a.languages.scss=a.languages.extend("css",{comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0},atrule:{pattern:/@[\w-](?:\([^()]+\)|[^()\s]|\s+(?!\s))*?(?=\s+[{;])/,inside:{rule:/@[\w-]+/}},url:/(?:[-a-z]+-)?url(?=\()/i,selector:{pattern:/(?=\S)[^@;{}()]?(?:[^@;{}()\s]|\s+(?!\s)|#\{\$[-\w]+\})+(?=\s*\{(?:\}|\s|[^}][^:{}]*[:{][^}]))/,inside:{parent:{pattern:/&/,alias:"important"},placeholder:/%[-\w]+/,variable:/\$[-\w]+|#\{\$[-\w]+\}/}},property:{pattern:/(?:[-\w]|\$[-\w]|#\{\$[-\w]+\})+(?=\s*:)/,inside:{variable:/\$[-\w]+|#\{\$[-\w]+\}/}}}),a.languages.insertBefore("scss","atrule",{keyword:[/@(?:content|debug|each|else(?: if)?|extend|for|forward|function|if|import|include|mixin|return|use|warn|while)\b/i,{pattern:/( )(?:from|through)(?= )/,lookbehind:!0}]}),a.languages.insertBefore("scss","important",{variable:/\$[-\w]+|#\{\$[-\w]+\}/}),a.languages.insertBefore("scss","function",{"module-modifier":{pattern:/\b(?:as|hide|show|with)\b/i,alias:"keyword"},placeholder:{pattern:/%[-\w]+/,alias:"selector"},statement:{pattern:/\B!(?:default|optional)\b/i,alias:"keyword"},boolean:/\b(?:false|true)\b/,null:{pattern:/\bnull\b/,alias:"keyword"},operator:{pattern:/(\s)(?:[-+*\/%]|[=!]=|<=?|>=?|and|not|or)(?=\s)/,lookbehind:!0}}),a.languages.scss.atrule.inside.rest=a.languages.scss,function(e){var t={pattern:/(\b\d+)(?:%|[a-z]+)/,lookbehind:!0},n={pattern:/(^|[^\w.-])-?(?:\d+(?:\.\d+)?|\.\d+)/,lookbehind:!0},r={comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0},url:{pattern:/\burl\((["']?).*?\1\)/i,greedy:!0},string:{pattern:/("|')(?:(?!\1)[^\\\r\n]|\\(?:\r\n|[\s\S]))*\1/,greedy:!0},interpolation:null,func:null,important:/\B!(?:important|optional)\b/i,keyword:{pattern:/(^|\s+)(?:(?:else|for|if|return|unless)(?=\s|$)|@[\w-]+)/,lookbehind:!0},hexcode:/#[\da-f]{3,6}/i,color:[/\b(?:AliceBlue|AntiqueWhite|Aqua|Aquamarine|Azure|Beige|Bisque|Black|BlanchedAlmond|Blue|BlueViolet|Brown|BurlyWood|CadetBlue|Chartreuse|Chocolate|Coral|CornflowerBlue|Cornsilk|Crimson|Cyan|DarkBlue|DarkCyan|DarkGoldenRod|DarkGr[ae]y|DarkGreen|DarkKhaki|DarkMagenta|DarkOliveGreen|DarkOrange|DarkOrchid|DarkRed|DarkSalmon|DarkSeaGreen|DarkSlateBlue|DarkSlateGr[ae]y|DarkTurquoise|DarkViolet|DeepPink|DeepSkyBlue|DimGr[ae]y|DodgerBlue|FireBrick|FloralWhite|ForestGreen|Fuchsia|Gainsboro|GhostWhite|Gold|GoldenRod|Gr[ae]y|Green|GreenYellow|HoneyDew|HotPink|IndianRed|Indigo|Ivory|Khaki|Lavender|LavenderBlush|LawnGreen|LemonChiffon|LightBlue|LightCoral|LightCyan|LightGoldenRodYellow|LightGr[ae]y|LightGreen|LightPink|LightSalmon|LightSeaGreen|LightSkyBlue|LightSlateGr[ae]y|LightSteelBlue|LightYellow|Lime|LimeGreen|Linen|Magenta|Maroon|MediumAquaMarine|MediumBlue|MediumOrchid|MediumPurple|MediumSeaGreen|MediumSlateBlue|MediumSpringGreen|MediumTurquoise|MediumVioletRed|MidnightBlue|MintCream|MistyRose|Moccasin|NavajoWhite|Navy|OldLace|Olive|OliveDrab|Orange|OrangeRed|Orchid|PaleGoldenRod|PaleGreen|PaleTurquoise|PaleVioletRed|PapayaWhip|PeachPuff|Peru|Pink|Plum|PowderBlue|Purple|Red|RosyBrown|RoyalBlue|SaddleBrown|Salmon|SandyBrown|SeaGreen|SeaShell|Sienna|Silver|SkyBlue|SlateBlue|SlateGr[ae]y|Snow|SpringGreen|SteelBlue|Tan|Teal|Thistle|Tomato|Transparent|Turquoise|Violet|Wheat|White|WhiteSmoke|Yellow|YellowGreen)\b/i,{pattern:/\b(?:hsl|rgb)\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*\)\B|\b(?:hsl|rgb)a\(\s*\d{1,3}\s*,\s*\d{1,3}%?\s*,\s*\d{1,3}%?\s*,\s*(?:0|0?\.\d+|1)\s*\)\B/i,inside:{unit:t,number:n,function:/[\w-]+(?=\()/,punctuation:/[(),]/}}],entity:/\\[\da-f]{1,8}/i,unit:t,boolean:/\b(?:false|true)\b/,operator:[/~|[+!\/%<>?=]=?|[-:]=|\*[*=]?|\.{2,3}|&&|\|\||\B-\B|\b(?:and|in|is(?: a| defined| not|nt)?|not|or)\b/],number:n,punctuation:/[{}()\[\];:,]/};r.interpolation={pattern:/\{[^\r\n}:]+\}/,alias:"variable",inside:{delimiter:{pattern:/^\{|\}$/,alias:"punctuation"},rest:r}},r.func={pattern:/[\w-]+\([^)]*\).*/,inside:{function:/^[^(]+/,rest:r}},e.languages.stylus={"atrule-declaration":{pattern:/(^[ \t]*)@.+/m,lookbehind:!0,inside:{atrule:/^@[\w-]+/,rest:r}},"variable-declaration":{pattern:/(^[ \t]*)[\w$-]+\s*.?=[ \t]*(?:\{[^{}]*\}|\S.*|$)/m,lookbehind:!0,inside:{variable:/^\S+/,rest:r}},statement:{pattern:/(^[ \t]*)(?:else|for|if|return|unless)[ \t].+/m,lookbehind:!0,inside:{keyword:/^\S+/,rest:r}},"property-declaration":{pattern:/((?:^|\{)([ \t]*))(?:[\w-]|\{[^}\r\n]+\})+(?:\s*:\s*|[ \t]+)(?!\s)[^{\r\n]*(?:;|[^{\r\n,]$(?!(?:\r?\n|\r)(?:\{|\2[ \t])))/m,lookbehind:!0,inside:{property:{pattern:/^[^\s:]+/,inside:{interpolation:r.interpolation}},rest:r}},selector:{pattern:/(^[ \t]*)(?:(?=\S)(?:[^{}\r\n:()]|::?[\w-]+(?:\([^)\r\n]*\)|(?![\w-]))|\{[^}\r\n]+\})+)(?:(?:\r?\n|\r)(?:\1(?:(?=\S)(?:[^{}\r\n:()]|::?[\w-]+(?:\([^)\r\n]*\)|(?![\w-]))|\{[^}\r\n]+\})+)))*(?:,$|\{|(?=(?:\r?\n|\r)(?:\{|\1[ \t])))/m,lookbehind:!0,inside:{interpolation:r.interpolation,comment:r.comment,punctuation:/[{},]/}},func:r.func,string:r.string,comment:{pattern:/(^|[^\\])(?:\/\*[\s\S]*?\*\/|\/\/.*)/,lookbehind:!0,greedy:!0},interpolation:r.interpolation,punctuation:/[{}()\[\];:.]/}}(a),function(e){var t=e.util.clone(e.languages.typescript);e.languages.tsx=e.languages.extend("jsx",t),delete e.languages.tsx.parameter,delete e.languages.tsx["literal-property"];var n=e.languages.tsx.tag;n.pattern=RegExp(/(^|[^\w$]|(?=<\/))/.source+"(?:"+n.pattern.source+")",n.pattern.flags),n.lookbehind=!0}(a),a.languages.wasm={comment:[/\(;[\s\S]*?;\)/,{pattern:/;;.*/,greedy:!0}],string:{pattern:/"(?:\\[\s\S]|[^"\\])*"/,greedy:!0},keyword:[{pattern:/\b(?:align|offset)=/,inside:{operator:/=/}},{pattern:/\b(?:(?:f32|f64|i32|i64)(?:\.(?:abs|add|and|ceil|clz|const|convert_[su]\/i(?:32|64)|copysign|ctz|demote\/f64|div(?:_[su])?|eqz?|extend_[su]\/i32|floor|ge(?:_[su])?|gt(?:_[su])?|le(?:_[su])?|load(?:(?:8|16|32)_[su])?|lt(?:_[su])?|max|min|mul|neg?|nearest|or|popcnt|promote\/f32|reinterpret\/[fi](?:32|64)|rem_[su]|rot[lr]|shl|shr_[su]|sqrt|store(?:8|16|32)?|sub|trunc(?:_[su]\/f(?:32|64))?|wrap\/i64|xor))?|memory\.(?:grow|size))\b/,inside:{punctuation:/\./}},/\b(?:anyfunc|block|br(?:_if|_table)?|call(?:_indirect)?|data|drop|elem|else|end|export|func|get_(?:global|local)|global|if|import|local|loop|memory|module|mut|nop|offset|param|result|return|select|set_(?:global|local)|start|table|tee_local|then|type|unreachable)\b/],variable:/\$[\w!#$%&'*+\-./:<=>?@\\^`|~]+/,number:/[+-]?\b(?:\d(?:_?\d)*(?:\.\d(?:_?\d)*)?(?:[eE][+-]?\d(?:_?\d)*)?|0x[\da-fA-F](?:_?[\da-fA-F])*(?:\.[\da-fA-F](?:_?[\da-fA-D])*)?(?:[pP][+-]?\d(?:_?\d)*)?)\b|\binf\b|\bnan(?::0x[\da-fA-F](?:_?[\da-fA-D])*)?\b/,punctuation:/[()]/};const o=a},9901:e=>{e.exports&&(e.exports={core:{meta:{path:"components/prism-core.js",option:"mandatory"},core:"Core"},themes:{meta:{path:"themes/{id}.css",link:"index.html?theme={id}",exclusive:!0},prism:{title:"Default",option:"default"},"prism-dark":"Dark","prism-funky":"Funky","prism-okaidia":{title:"Okaidia",owner:"ocodia"},"prism-twilight":{title:"Twilight",owner:"remybach"},"prism-coy":{title:"Coy",owner:"tshedor"},"prism-solarizedlight":{title:"Solarized Light",owner:"hectormatos2011 "},"prism-tomorrow":{title:"Tomorrow Night",owner:"Rosey"}},languages:{meta:{path:"components/prism-{id}",noCSS:!0,examplesPath:"examples/prism-{id}",addCheckAll:!0},markup:{title:"Markup",alias:["html","xml","svg","mathml","ssml","atom","rss"],aliasTitles:{html:"HTML",xml:"XML",svg:"SVG",mathml:"MathML",ssml:"SSML",atom:"Atom",rss:"RSS"},option:"default"},css:{title:"CSS",option:"default",modify:"markup"},clike:{title:"C-like",option:"default"},javascript:{title:"JavaScript",require:"clike",modify:"markup",optional:"regex",alias:"js",option:"default"},abap:{title:"ABAP",owner:"dellagustin"},abnf:{title:"ABNF",owner:"RunDevelopment"},actionscript:{title:"ActionScript",require:"javascript",modify:"markup",owner:"Golmote"},ada:{title:"Ada",owner:"Lucretia"},agda:{title:"Agda",owner:"xy-ren"},al:{title:"AL",owner:"RunDevelopment"},antlr4:{title:"ANTLR4",alias:"g4",owner:"RunDevelopment"},apacheconf:{title:"Apache Configuration",owner:"GuiTeK"},apex:{title:"Apex",require:["clike","sql"],owner:"RunDevelopment"},apl:{title:"APL",owner:"ngn"},applescript:{title:"AppleScript",owner:"Golmote"},aql:{title:"AQL",owner:"RunDevelopment"},arduino:{title:"Arduino",require:"cpp",alias:"ino",owner:"dkern"},arff:{title:"ARFF",owner:"Golmote"},armasm:{title:"ARM Assembly",alias:"arm-asm",owner:"RunDevelopment"},arturo:{title:"Arturo",alias:"art",optional:["bash","css","javascript","markup","markdown","sql"],owner:"drkameleon"},asciidoc:{alias:"adoc",title:"AsciiDoc",owner:"Golmote"},aspnet:{title:"ASP.NET (C#)",require:["markup","csharp"],owner:"nauzilus"},asm6502:{title:"6502 Assembly",owner:"kzurawel"},asmatmel:{title:"Atmel AVR Assembly",owner:"cerkit"},autohotkey:{title:"AutoHotkey",owner:"aviaryan"},autoit:{title:"AutoIt",owner:"Golmote"},avisynth:{title:"AviSynth",alias:"avs",owner:"Zinfidel"},"avro-idl":{title:"Avro IDL",alias:"avdl",owner:"RunDevelopment"},awk:{title:"AWK",alias:"gawk",aliasTitles:{gawk:"GAWK"},owner:"RunDevelopment"},bash:{title:"Bash",alias:["sh","shell"],aliasTitles:{sh:"Shell",shell:"Shell"},owner:"zeitgeist87"},basic:{title:"BASIC",owner:"Golmote"},batch:{title:"Batch",owner:"Golmote"},bbcode:{title:"BBcode",alias:"shortcode",aliasTitles:{shortcode:"Shortcode"},owner:"RunDevelopment"},bbj:{title:"BBj",owner:"hyyan"},bicep:{title:"Bicep",owner:"johnnyreilly"},birb:{title:"Birb",require:"clike",owner:"Calamity210"},bison:{title:"Bison",require:"c",owner:"Golmote"},bnf:{title:"BNF",alias:"rbnf",aliasTitles:{rbnf:"RBNF"},owner:"RunDevelopment"},bqn:{title:"BQN",owner:"yewscion"},brainfuck:{title:"Brainfuck",owner:"Golmote"},brightscript:{title:"BrightScript",owner:"RunDevelopment"},bro:{title:"Bro",owner:"wayward710"},bsl:{title:"BSL (1C:Enterprise)",alias:"oscript",aliasTitles:{oscript:"OneScript"},owner:"Diversus23"},c:{title:"C",require:"clike",owner:"zeitgeist87"},csharp:{title:"C#",require:"clike",alias:["cs","dotnet"],owner:"mvalipour"},cpp:{title:"C++",require:"c",owner:"zeitgeist87"},cfscript:{title:"CFScript",require:"clike",alias:"cfc",owner:"mjclemente"},chaiscript:{title:"ChaiScript",require:["clike","cpp"],owner:"RunDevelopment"},cil:{title:"CIL",owner:"sbrl"},cilkc:{title:"Cilk/C",require:"c",alias:"cilk-c",owner:"OpenCilk"},cilkcpp:{title:"Cilk/C++",require:"cpp",alias:["cilk-cpp","cilk"],owner:"OpenCilk"},clojure:{title:"Clojure",owner:"troglotit"},cmake:{title:"CMake",owner:"mjrogozinski"},cobol:{title:"COBOL",owner:"RunDevelopment"},coffeescript:{title:"CoffeeScript",require:"javascript",alias:"coffee",owner:"R-osey"},concurnas:{title:"Concurnas",alias:"conc",owner:"jasontatton"},csp:{title:"Content-Security-Policy",owner:"ScottHelme"},cooklang:{title:"Cooklang",owner:"ahue"},coq:{title:"Coq",owner:"RunDevelopment"},crystal:{title:"Crystal",require:"ruby",owner:"MakeNowJust"},"css-extras":{title:"CSS Extras",require:"css",modify:"css",owner:"milesj"},csv:{title:"CSV",owner:"RunDevelopment"},cue:{title:"CUE",owner:"RunDevelopment"},cypher:{title:"Cypher",owner:"RunDevelopment"},d:{title:"D",require:"clike",owner:"Golmote"},dart:{title:"Dart",require:"clike",owner:"Golmote"},dataweave:{title:"DataWeave",owner:"machaval"},dax:{title:"DAX",owner:"peterbud"},dhall:{title:"Dhall",owner:"RunDevelopment"},diff:{title:"Diff",owner:"uranusjr"},django:{title:"Django/Jinja2",require:"markup-templating",alias:"jinja2",owner:"romanvm"},"dns-zone-file":{title:"DNS zone file",owner:"RunDevelopment",alias:"dns-zone"},docker:{title:"Docker",alias:"dockerfile",owner:"JustinBeckwith"},dot:{title:"DOT (Graphviz)",alias:"gv",optional:"markup",owner:"RunDevelopment"},ebnf:{title:"EBNF",owner:"RunDevelopment"},editorconfig:{title:"EditorConfig",owner:"osipxd"},eiffel:{title:"Eiffel",owner:"Conaclos"},ejs:{title:"EJS",require:["javascript","markup-templating"],owner:"RunDevelopment",alias:"eta",aliasTitles:{eta:"Eta"}},elixir:{title:"Elixir",owner:"Golmote"},elm:{title:"Elm",owner:"zwilias"},etlua:{title:"Embedded Lua templating",require:["lua","markup-templating"],owner:"RunDevelopment"},erb:{title:"ERB",require:["ruby","markup-templating"],owner:"Golmote"},erlang:{title:"Erlang",owner:"Golmote"},"excel-formula":{title:"Excel Formula",alias:["xlsx","xls"],owner:"RunDevelopment"},fsharp:{title:"F#",require:"clike",owner:"simonreynolds7"},factor:{title:"Factor",owner:"catb0t"},false:{title:"False",owner:"edukisto"},"firestore-security-rules":{title:"Firestore security rules",require:"clike",owner:"RunDevelopment"},flow:{title:"Flow",require:"javascript",owner:"Golmote"},fortran:{title:"Fortran",owner:"Golmote"},ftl:{title:"FreeMarker Template Language",require:"markup-templating",owner:"RunDevelopment"},gml:{title:"GameMaker Language",alias:"gamemakerlanguage",require:"clike",owner:"LiarOnce"},gap:{title:"GAP (CAS)",owner:"RunDevelopment"},gcode:{title:"G-code",owner:"RunDevelopment"},gdscript:{title:"GDScript",owner:"RunDevelopment"},gedcom:{title:"GEDCOM",owner:"Golmote"},gettext:{title:"gettext",alias:"po",owner:"RunDevelopment"},gherkin:{title:"Gherkin",owner:"hason"},git:{title:"Git",owner:"lgiraudel"},glsl:{title:"GLSL",require:"c",owner:"Golmote"},gn:{title:"GN",alias:"gni",owner:"RunDevelopment"},"linker-script":{title:"GNU Linker Script",alias:"ld",owner:"RunDevelopment"},go:{title:"Go",require:"clike",owner:"arnehormann"},"go-module":{title:"Go module",alias:"go-mod",owner:"RunDevelopment"},gradle:{title:"Gradle",require:"clike",owner:"zeabdelkhalek-badido18"},graphql:{title:"GraphQL",optional:"markdown",owner:"Golmote"},groovy:{title:"Groovy",require:"clike",owner:"robfletcher"},haml:{title:"Haml",require:"ruby",optional:["css","css-extras","coffeescript","erb","javascript","less","markdown","scss","textile"],owner:"Golmote"},handlebars:{title:"Handlebars",require:"markup-templating",alias:["hbs","mustache"],aliasTitles:{mustache:"Mustache"},owner:"Golmote"},haskell:{title:"Haskell",alias:"hs",owner:"bholst"},haxe:{title:"Haxe",require:"clike",optional:"regex",owner:"Golmote"},hcl:{title:"HCL",owner:"outsideris"},hlsl:{title:"HLSL",require:"c",owner:"RunDevelopment"},hoon:{title:"Hoon",owner:"matildepark"},http:{title:"HTTP",optional:["csp","css","hpkp","hsts","javascript","json","markup","uri"],owner:"danielgtaylor"},hpkp:{title:"HTTP Public-Key-Pins",owner:"ScottHelme"},hsts:{title:"HTTP Strict-Transport-Security",owner:"ScottHelme"},ichigojam:{title:"IchigoJam",owner:"BlueCocoa"},icon:{title:"Icon",owner:"Golmote"},"icu-message-format":{title:"ICU Message Format",owner:"RunDevelopment"},idris:{title:"Idris",alias:"idr",owner:"KeenS",require:"haskell"},ignore:{title:".ignore",owner:"osipxd",alias:["gitignore","hgignore","npmignore"],aliasTitles:{gitignore:".gitignore",hgignore:".hgignore",npmignore:".npmignore"}},inform7:{title:"Inform 7",owner:"Golmote"},ini:{title:"Ini",owner:"aviaryan"},io:{title:"Io",owner:"AlesTsurko"},j:{title:"J",owner:"Golmote"},java:{title:"Java",require:"clike",owner:"sherblot"},javadoc:{title:"JavaDoc",require:["markup","java","javadoclike"],modify:"java",optional:"scala",owner:"RunDevelopment"},javadoclike:{title:"JavaDoc-like",modify:["java","javascript","php"],owner:"RunDevelopment"},javastacktrace:{title:"Java stack trace",owner:"RunDevelopment"},jexl:{title:"Jexl",owner:"czosel"},jolie:{title:"Jolie",require:"clike",owner:"thesave"},jq:{title:"JQ",owner:"RunDevelopment"},jsdoc:{title:"JSDoc",require:["javascript","javadoclike","typescript"],modify:"javascript",optional:["actionscript","coffeescript"],owner:"RunDevelopment"},"js-extras":{title:"JS Extras",require:"javascript",modify:"javascript",optional:["actionscript","coffeescript","flow","n4js","typescript"],owner:"RunDevelopment"},json:{title:"JSON",alias:"webmanifest",aliasTitles:{webmanifest:"Web App Manifest"},owner:"CupOfTea696"},json5:{title:"JSON5",require:"json",owner:"RunDevelopment"},jsonp:{title:"JSONP",require:"json",owner:"RunDevelopment"},jsstacktrace:{title:"JS stack trace",owner:"sbrl"},"js-templates":{title:"JS Templates",require:"javascript",modify:"javascript",optional:["css","css-extras","graphql","markdown","markup","sql"],owner:"RunDevelopment"},julia:{title:"Julia",owner:"cdagnino"},keepalived:{title:"Keepalived Configure",owner:"dev-itsheng"},keyman:{title:"Keyman",owner:"mcdurdin"},kotlin:{title:"Kotlin",alias:["kt","kts"],aliasTitles:{kts:"Kotlin Script"},require:"clike",owner:"Golmote"},kumir:{title:"KuMir (\u041a\u0443\u041c\u0438\u0440)",alias:"kum",owner:"edukisto"},kusto:{title:"Kusto",owner:"RunDevelopment"},latex:{title:"LaTeX",alias:["tex","context"],aliasTitles:{tex:"TeX",context:"ConTeXt"},owner:"japborst"},latte:{title:"Latte",require:["clike","markup-templating","php"],owner:"nette"},less:{title:"Less",require:"css",optional:"css-extras",owner:"Golmote"},lilypond:{title:"LilyPond",require:"scheme",alias:"ly",owner:"RunDevelopment"},liquid:{title:"Liquid",require:"markup-templating",owner:"cinhtau"},lisp:{title:"Lisp",alias:["emacs","elisp","emacs-lisp"],owner:"JuanCaicedo"},livescript:{title:"LiveScript",owner:"Golmote"},llvm:{title:"LLVM IR",owner:"porglezomp"},log:{title:"Log file",optional:"javastacktrace",owner:"RunDevelopment"},lolcode:{title:"LOLCODE",owner:"Golmote"},lua:{title:"Lua",owner:"Golmote"},magma:{title:"Magma (CAS)",owner:"RunDevelopment"},makefile:{title:"Makefile",owner:"Golmote"},markdown:{title:"Markdown",require:"markup",optional:"yaml",alias:"md",owner:"Golmote"},"markup-templating":{title:"Markup templating",require:"markup",owner:"Golmote"},mata:{title:"Mata",owner:"RunDevelopment"},matlab:{title:"MATLAB",owner:"Golmote"},maxscript:{title:"MAXScript",owner:"RunDevelopment"},mel:{title:"MEL",owner:"Golmote"},mermaid:{title:"Mermaid",owner:"RunDevelopment"},metafont:{title:"METAFONT",owner:"LaeriExNihilo"},mizar:{title:"Mizar",owner:"Golmote"},mongodb:{title:"MongoDB",owner:"airs0urce",require:"javascript"},monkey:{title:"Monkey",owner:"Golmote"},moonscript:{title:"MoonScript",alias:"moon",owner:"RunDevelopment"},n1ql:{title:"N1QL",owner:"TMWilds"},n4js:{title:"N4JS",require:"javascript",optional:"jsdoc",alias:"n4jsd",owner:"bsmith-n4"},"nand2tetris-hdl":{title:"Nand To Tetris HDL",owner:"stephanmax"},naniscript:{title:"Naninovel Script",owner:"Elringus",alias:"nani"},nasm:{title:"NASM",owner:"rbmj"},neon:{title:"NEON",owner:"nette"},nevod:{title:"Nevod",owner:"nezaboodka"},nginx:{title:"nginx",owner:"volado"},nim:{title:"Nim",owner:"Golmote"},nix:{title:"Nix",owner:"Golmote"},nsis:{title:"NSIS",owner:"idleberg"},objectivec:{title:"Objective-C",require:"c",alias:"objc",owner:"uranusjr"},ocaml:{title:"OCaml",owner:"Golmote"},odin:{title:"Odin",owner:"edukisto"},opencl:{title:"OpenCL",require:"c",modify:["c","cpp"],owner:"Milania1"},openqasm:{title:"OpenQasm",alias:"qasm",owner:"RunDevelopment"},oz:{title:"Oz",owner:"Golmote"},parigp:{title:"PARI/GP",owner:"Golmote"},parser:{title:"Parser",require:"markup",owner:"Golmote"},pascal:{title:"Pascal",alias:"objectpascal",aliasTitles:{objectpascal:"Object Pascal"},owner:"Golmote"},pascaligo:{title:"Pascaligo",owner:"DefinitelyNotAGoat"},psl:{title:"PATROL Scripting Language",owner:"bertysentry"},pcaxis:{title:"PC-Axis",alias:"px",owner:"RunDevelopment"},peoplecode:{title:"PeopleCode",alias:"pcode",owner:"RunDevelopment"},perl:{title:"Perl",owner:"Golmote"},php:{title:"PHP",require:"markup-templating",owner:"milesj"},phpdoc:{title:"PHPDoc",require:["php","javadoclike"],modify:"php",owner:"RunDevelopment"},"php-extras":{title:"PHP Extras",require:"php",modify:"php",owner:"milesj"},"plant-uml":{title:"PlantUML",alias:"plantuml",owner:"RunDevelopment"},plsql:{title:"PL/SQL",require:"sql",owner:"Golmote"},powerquery:{title:"PowerQuery",alias:["pq","mscript"],owner:"peterbud"},powershell:{title:"PowerShell",owner:"nauzilus"},processing:{title:"Processing",require:"clike",owner:"Golmote"},prolog:{title:"Prolog",owner:"Golmote"},promql:{title:"PromQL",owner:"arendjr"},properties:{title:".properties",owner:"Golmote"},protobuf:{title:"Protocol Buffers",require:"clike",owner:"just-boris"},pug:{title:"Pug",require:["markup","javascript"],optional:["coffeescript","ejs","handlebars","less","livescript","markdown","scss","stylus","twig"],owner:"Golmote"},puppet:{title:"Puppet",owner:"Golmote"},pure:{title:"Pure",optional:["c","cpp","fortran"],owner:"Golmote"},purebasic:{title:"PureBasic",require:"clike",alias:"pbfasm",owner:"HeX0R101"},purescript:{title:"PureScript",require:"haskell",alias:"purs",owner:"sriharshachilakapati"},python:{title:"Python",alias:"py",owner:"multipetros"},qsharp:{title:"Q#",require:"clike",alias:"qs",owner:"fedonman"},q:{title:"Q (kdb+ database)",owner:"Golmote"},qml:{title:"QML",require:"javascript",owner:"RunDevelopment"},qore:{title:"Qore",require:"clike",owner:"temnroegg"},r:{title:"R",owner:"Golmote"},racket:{title:"Racket",require:"scheme",alias:"rkt",owner:"RunDevelopment"},cshtml:{title:"Razor C#",alias:"razor",require:["markup","csharp"],optional:["css","css-extras","javascript","js-extras"],owner:"RunDevelopment"},jsx:{title:"React JSX",require:["markup","javascript"],optional:["jsdoc","js-extras","js-templates"],owner:"vkbansal"},tsx:{title:"React TSX",require:["jsx","typescript"]},reason:{title:"Reason",require:"clike",owner:"Golmote"},regex:{title:"Regex",owner:"RunDevelopment"},rego:{title:"Rego",owner:"JordanSh"},renpy:{title:"Ren'py",alias:"rpy",owner:"HyuchiaDiego"},rescript:{title:"ReScript",alias:"res",owner:"vmarcosp"},rest:{title:"reST (reStructuredText)",owner:"Golmote"},rip:{title:"Rip",owner:"ravinggenius"},roboconf:{title:"Roboconf",owner:"Golmote"},robotframework:{title:"Robot Framework",alias:"robot",owner:"RunDevelopment"},ruby:{title:"Ruby",require:"clike",alias:"rb",owner:"samflores"},rust:{title:"Rust",owner:"Golmote"},sas:{title:"SAS",optional:["groovy","lua","sql"],owner:"Golmote"},sass:{title:"Sass (Sass)",require:"css",optional:"css-extras",owner:"Golmote"},scss:{title:"Sass (SCSS)",require:"css",optional:"css-extras",owner:"MoOx"},scala:{title:"Scala",require:"java",owner:"jozic"},scheme:{title:"Scheme",owner:"bacchus123"},"shell-session":{title:"Shell session",require:"bash",alias:["sh-session","shellsession"],owner:"RunDevelopment"},smali:{title:"Smali",owner:"RunDevelopment"},smalltalk:{title:"Smalltalk",owner:"Golmote"},smarty:{title:"Smarty",require:"markup-templating",optional:"php",owner:"Golmote"},sml:{title:"SML",alias:"smlnj",aliasTitles:{smlnj:"SML/NJ"},owner:"RunDevelopment"},solidity:{title:"Solidity (Ethereum)",alias:"sol",require:"clike",owner:"glachaud"},"solution-file":{title:"Solution file",alias:"sln",owner:"RunDevelopment"},soy:{title:"Soy (Closure Template)",require:"markup-templating",owner:"Golmote"},sparql:{title:"SPARQL",require:"turtle",owner:"Triply-Dev",alias:"rq"},"splunk-spl":{title:"Splunk SPL",owner:"RunDevelopment"},sqf:{title:"SQF: Status Quo Function (Arma 3)",require:"clike",owner:"RunDevelopment"},sql:{title:"SQL",owner:"multipetros"},squirrel:{title:"Squirrel",require:"clike",owner:"RunDevelopment"},stan:{title:"Stan",owner:"RunDevelopment"},stata:{title:"Stata Ado",require:["mata","java","python"],owner:"RunDevelopment"},iecst:{title:"Structured Text (IEC 61131-3)",owner:"serhioromano"},stylus:{title:"Stylus",owner:"vkbansal"},supercollider:{title:"SuperCollider",alias:"sclang",owner:"RunDevelopment"},swift:{title:"Swift",owner:"chrischares"},systemd:{title:"Systemd configuration file",owner:"RunDevelopment"},"t4-templating":{title:"T4 templating",owner:"RunDevelopment"},"t4-cs":{title:"T4 Text Templates (C#)",require:["t4-templating","csharp"],alias:"t4",owner:"RunDevelopment"},"t4-vb":{title:"T4 Text Templates (VB)",require:["t4-templating","vbnet"],owner:"RunDevelopment"},tap:{title:"TAP",owner:"isaacs",require:"yaml"},tcl:{title:"Tcl",owner:"PeterChaplin"},tt2:{title:"Template Toolkit 2",require:["clike","markup-templating"],owner:"gflohr"},textile:{title:"Textile",require:"markup",optional:"css",owner:"Golmote"},toml:{title:"TOML",owner:"RunDevelopment"},tremor:{title:"Tremor",alias:["trickle","troy"],owner:"darach",aliasTitles:{trickle:"trickle",troy:"troy"}},turtle:{title:"Turtle",alias:"trig",aliasTitles:{trig:"TriG"},owner:"jakubklimek"},twig:{title:"Twig",require:"markup-templating",owner:"brandonkelly"},typescript:{title:"TypeScript",require:"javascript",optional:"js-templates",alias:"ts",owner:"vkbansal"},typoscript:{title:"TypoScript",alias:"tsconfig",aliasTitles:{tsconfig:"TSConfig"},owner:"dkern"},unrealscript:{title:"UnrealScript",alias:["uscript","uc"],owner:"RunDevelopment"},uorazor:{title:"UO Razor Script",owner:"jaseowns"},uri:{title:"URI",alias:"url",aliasTitles:{url:"URL"},owner:"RunDevelopment"},v:{title:"V",require:"clike",owner:"taggon"},vala:{title:"Vala",require:"clike",optional:"regex",owner:"TemplarVolk"},vbnet:{title:"VB.Net",require:"basic",owner:"Bigsby"},velocity:{title:"Velocity",require:"markup",owner:"Golmote"},verilog:{title:"Verilog",owner:"a-rey"},vhdl:{title:"VHDL",owner:"a-rey"},vim:{title:"vim",owner:"westonganger"},"visual-basic":{title:"Visual Basic",alias:["vb","vba"],aliasTitles:{vba:"VBA"},owner:"Golmote"},warpscript:{title:"WarpScript",owner:"RunDevelopment"},wasm:{title:"WebAssembly",owner:"Golmote"},"web-idl":{title:"Web IDL",alias:"webidl",owner:"RunDevelopment"},wgsl:{title:"WGSL",owner:"Dr4gonthree"},wiki:{title:"Wiki markup",require:"markup",owner:"Golmote"},wolfram:{title:"Wolfram language",alias:["mathematica","nb","wl"],aliasTitles:{mathematica:"Mathematica",nb:"Mathematica Notebook"},owner:"msollami"},wren:{title:"Wren",owner:"clsource"},xeora:{title:"Xeora",require:"markup",alias:"xeoracube",aliasTitles:{xeoracube:"XeoraCube"},owner:"freakmaxi"},"xml-doc":{title:"XML doc (.net)",require:"markup",modify:["csharp","fsharp","vbnet"],owner:"RunDevelopment"},xojo:{title:"Xojo (REALbasic)",owner:"Golmote"},xquery:{title:"XQuery",require:"markup",owner:"Golmote"},yaml:{title:"YAML",alias:"yml",owner:"hason"},yang:{title:"YANG",owner:"RunDevelopment"},zig:{title:"Zig",owner:"RunDevelopment"}},plugins:{meta:{path:"plugins/{id}/prism-{id}",link:"plugins/{id}/"},"line-highlight":{title:"Line Highlight",description:"Highlights specific lines and/or line ranges."},"line-numbers":{title:"Line Numbers",description:"Line number at the beginning of code lines.",owner:"kuba-kubula"},"show-invisibles":{title:"Show Invisibles",description:"Show hidden characters such as tabs and line breaks.",optional:["autolinker","data-uri-highlight"]},autolinker:{title:"Autolinker",description:"Converts URLs and emails in code to clickable links. Parses Markdown links in comments."},wpd:{title:"WebPlatform Docs",description:'Makes tokens link to WebPlatform.org documentation. The links open in a new tab.'},"custom-class":{title:"Custom Class",description:"This plugin allows you to prefix Prism's default classes (.comment can become .namespace--comment) or replace them with your defined ones (like .editor__comment). You can even add new classes.",owner:"dvkndn",noCSS:!0},"file-highlight":{title:"File Highlight",description:"Fetch external files and highlight them with Prism. Used on the Prism website itself.",noCSS:!0},"show-language":{title:"Show Language",description:"Display the highlighted language in code blocks (inline code does not show the label).",owner:"nauzilus",noCSS:!0,require:"toolbar"},"jsonp-highlight":{title:"JSONP Highlight",description:"Fetch content with JSONP and highlight some interesting content (e.g. GitHub/Gists or Bitbucket API).",noCSS:!0,owner:"nauzilus"},"highlight-keywords":{title:"Highlight Keywords",description:"Adds special CSS classes for each keyword for fine-grained highlighting.",owner:"vkbansal",noCSS:!0},"remove-initial-line-feed":{title:"Remove initial line feed",description:"Removes the initial line feed in code blocks.",owner:"Golmote",noCSS:!0},"inline-color":{title:"Inline color",description:"Adds a small inline preview for colors in style sheets.",require:"css-extras",owner:"RunDevelopment"},previewers:{title:"Previewers",description:"Previewers for angles, colors, gradients, easing and time.",require:"css-extras",owner:"Golmote"},autoloader:{title:"Autoloader",description:"Automatically loads the needed languages to highlight the code blocks.",owner:"Golmote",noCSS:!0},"keep-markup":{title:"Keep Markup",description:"Prevents custom markup from being dropped out during highlighting.",owner:"Golmote",optional:"normalize-whitespace",noCSS:!0},"command-line":{title:"Command Line",description:"Display a command line with a prompt and, optionally, the output/response from the commands.",owner:"chriswells0"},"unescaped-markup":{title:"Unescaped Markup",description:"Write markup without having to escape anything."},"normalize-whitespace":{title:"Normalize Whitespace",description:"Supports multiple operations to normalize whitespace in code blocks.",owner:"zeitgeist87",optional:"unescaped-markup",noCSS:!0},"data-uri-highlight":{title:"Data-URI Highlight",description:"Highlights data-URI contents.",owner:"Golmote",noCSS:!0},toolbar:{title:"Toolbar",description:"Attach a toolbar for plugins to easily register buttons on the top of a code block.",owner:"mAAdhaTTah"},"copy-to-clipboard":{title:"Copy to Clipboard Button",description:"Add a button that copies the code block to the clipboard when clicked.",owner:"mAAdhaTTah",require:"toolbar",noCSS:!0},"download-button":{title:"Download Button",description:"A button in the toolbar of a code block adding a convenient way to download a code file.",owner:"Golmote",require:"toolbar",noCSS:!0},"match-braces":{title:"Match braces",description:"Highlights matching braces.",owner:"RunDevelopment"},"diff-highlight":{title:"Diff Highlight",description:"Highlights the code inside diff blocks.",owner:"RunDevelopment",require:"diff"},"filter-highlight-all":{title:"Filter highlightAll",description:"Filters the elements the highlightAll and highlightAllUnder methods actually highlight.",owner:"RunDevelopment",noCSS:!0},treeview:{title:"Treeview",description:"A language with special styles to highlight file system tree structures.",owner:"Golmote"}}})},2885:(e,t,n)=>{const r=n(9901),a=n(9642),o=new Set;function i(e){void 0===e?e=Object.keys(r.languages).filter((e=>"meta"!=e)):Array.isArray(e)||(e=[e]);const t=[...o,...Object.keys(Prism.languages)];a(r,e,t).load((e=>{if(!(e in r.languages))return void(i.silent||console.warn("Language does not exist: "+e));const t="./prism-"+e;delete n.c[n(6500).resolve(t)],delete Prism.languages[e],n(6500)(t),o.add(e)}))}i.silent=!1,e.exports=i},6726:(e,t,n)=>{var r={"./":2885};function a(e){var t=o(e);return n(t)}function o(e){if(!n.o(r,e)){var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}return r[e]}a.keys=function(){return Object.keys(r)},a.resolve=o,e.exports=a,a.id=6726},6500:(e,t,n)=>{var r={"./":2885};function a(e){var t=o(e);return n(t)}function o(e){if(!n.o(r,e)){var t=new Error("Cannot find module '"+e+"'");throw t.code="MODULE_NOT_FOUND",t}return r[e]}a.keys=function(){return Object.keys(r)},a.resolve=o,e.exports=a,a.id=6500},9642:e=>{"use strict";var t=function(){var e=function(){};function t(e,t){Array.isArray(e)?e.forEach(t):null!=e&&t(e,0)}function n(e){for(var t={},n=0,r=e.length;n "));var l={},s=e[r];if(s){function c(t){if(!(t in e))throw new Error(r+" depends on an unknown component "+t);if(!(t in l))for(var i in a(t,o),l[t]=!0,n[t])l[i]=!0}t(s.require,c),t(s.optional,c),t(s.modify,c)}n[r]=l,o.pop()}}return function(e){var t=n[e];return t||(a(e,r),t=n[e]),t}}function a(e){for(var t in e)return!0;return!1}return function(o,i,l){var s=function(e){var t={};for(var n in e){var r=e[n];for(var a in r)if("meta"!=a){var o=r[a];t[a]="string"==typeof o?{title:o}:o}}return t}(o),c=function(e){var n;return function(r){if(r in e)return r;if(!n)for(var a in n={},e){var o=e[a];t(o&&o.alias,(function(t){if(t in n)throw new Error(t+" cannot be alias for both "+a+" and "+n[t]);if(t in e)throw new Error(t+" cannot be alias of "+a+" because it is a component.");n[t]=a}))}return n[r]||r}}(s);i=i.map(c),l=(l||[]).map(c);var u=n(i),d=n(l);i.forEach((function e(n){var r=s[n];t(r&&r.require,(function(t){t in d||(u[t]=!0,e(t))}))}));for(var f,p=r(s),m=u;a(m);){for(var h in f={},m){var g=s[h];t(g&&g.modify,(function(e){e in d&&(f[e]=!0)}))}for(var b in d)if(!(b in u))for(var v in p(b))if(v in u){f[b]=!0;break}for(var y in m=f)u[y]=!0}var w={getIds:function(){var e=[];return w.load((function(t){e.push(t)})),e},load:function(t,n){return function(t,n,r,a){var o=a?a.series:void 0,i=a?a.parallel:e,l={},s={};function c(e){if(e in l)return l[e];s[e]=!0;var a,u=[];for(var d in t(e))d in n&&u.push(d);if(0===u.length)a=r(e);else{var f=i(u.map((function(e){var t=c(e);return delete s[e],t})));o?a=o(f,(function(){return r(e)})):r(e)}return l[e]=a}for(var u in n)c(u);var d=[];for(var f in s)d.push(l[f]);return i(d)}(p,u,t,n)}};return w}}();e.exports=t},2703:(e,t,n)=>{"use strict";var r=n(414);function a(){}function o(){}o.resetWarningCache=a,e.exports=function(){function e(e,t,n,a,o,i){if(i!==r){var l=new Error("Calling PropTypes validators directly is not supported by the `prop-types` package. Use PropTypes.checkPropTypes() to call them. Read more at http://fb.me/use-check-prop-types");throw l.name="Invariant Violation",l}}function t(){return e}e.isRequired=e;var n={array:e,bigint:e,bool:e,func:e,number:e,object:e,string:e,symbol:e,any:e,arrayOf:t,element:e,elementType:e,instanceOf:t,node:e,objectOf:t,oneOf:t,oneOfType:t,shape:t,exact:t,checkPropTypes:o,resetWarningCache:a};return n.PropTypes=n,n}},5697:(e,t,n)=>{e.exports=n(2703)()},414:e=>{"use strict";e.exports="SECRET_DO_NOT_PASS_THIS_OR_YOU_WILL_BE_FIRED"},4448:(e,t,n)=>{"use strict";var r=n(7294),a=n(7418),o=n(3840);function i(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n